CVE-2009-1504

Xigla Absolute Control Panel XE - Authentication Bypass

Title source: rule

Description

Absolute Form Processor XE 1.5 allows remote attackers to bypass authentication and gain administrative access by setting the xlaAFPadmin cookie to "lvl=1&userid=1."

Exploits (1)

exploitdb WORKING POC VERIFIED

by ZoRLu · textwebappsasp

https://www.exploit-db.com/exploits/8529

View Code ZIP pw:eip

References (1)

[Exploit, Third Party Advisory] https://www.exploit-db.com/exploits/8529

Scores

EPSS 0.0031

EPSS Percentile 53.6%

Classification

CWE

CWE-287

Status draft

Affected Products (1)

xigla/absolute_control_panel_xe

Timeline

Published May 01, 2009

Tracked Since Feb 18, 2026