EIP-2026-108924

PRE-CVE

Jorp 1.3.05.09 - Arbitrary Remove Projects/Tasks

Title source: legacy

Exploitation Summary

EIP tracks 1 public exploit for EIP-2026-108924. PoCs published by YEnH4ckEr.

AI-analyzed exploit summary This exploit demonstrates an admin function execution vulnerability in Jorp v-1.3.05.09, allowing unauthenticated users to delete projects or tasks by manipulating GET parameters 'x' and 'y'. The vulnerability lies in the 'functions.php' file, where these parameters are directly used to call delete functions without proper authentication checks.

Description

Jorp 1.3.05.09 - Arbitrary Remove Projects/Tasks

Exploits (1)

exploitdb WORKING POC VERIFIED

by YEnH4ckEr · textwebappsphp

https://www.exploit-db.com/exploits/8752

View Code ZIP pw:eip

This exploit demonstrates an admin function execution vulnerability in Jorp v-1.3.05.09, allowing unauthenticated users to delete projects or tasks by manipulating GET parameters 'x' and 'y'. The vulnerability lies in the 'functions.php' file, where these parameters are directly used to call delete functions without proper authentication checks.

Classification

Working Poc 90%

Attack Type

Auth Bypass

Complexity

Trivial

Reliability

Reliable

Target: Jorp v-1.3.05.09

No auth needed

Prerequisites: Access to the target web application

MITRE ATT&CK

T1068 - Exploitation for Privilege Escalation

devstral-2 · analyzed Feb 16, 2026 Full analysis →

Details

Status pre_cve

Tracked Since Feb 18, 2026