CVE-2009-1504

Xigla Absolute Control Panel XE - Authentication Bypass

Title source: rule

Description

Absolute Form Processor XE 1.5 allows remote attackers to bypass authentication and gain administrative access by setting the xlaAFPadmin cookie to "lvl=1&userid=1."

Exploits (1)

exploitdb WORKING POC VERIFIED

by ZoRLu · textwebappsasp

https://www.exploit-db.com/exploits/8529

View Code ZIP pw:eip

References (1)

Core 1

Core References

Exploit, Third Party Advisory exploit x_refsource_exploit-db

https://www.exploit-db.com/exploits/8529

Scores

EPSS 0.0034

EPSS Percentile 56.9%

Details

CWE

CWE-287

Status published

Products (1)

xigla/absolute_control_panel_xe 1.5

Published May 01, 2009

Tracked Since Feb 18, 2026