CVE-2005-4254

DreamLevels DreamPoll 3.0 final - SQL Injection via view_Results.php id Parameter

Title source: llm
STIX 2.1

Exploitation Summary

EIP tracks 1 public exploit for CVE-2005-4254. PoCs published by r0t3d3Vil.

AI-analyzed exploit summary The provided text describes an SQL injection vulnerability in Dream Poll, where the 'id' parameter in 'view_Results.php' is not properly sanitized. This allows attackers to manipulate SQL queries, potentially leading to data disclosure or modification.

Description

SQL injection vulnerability in view_Results.php in DreamLevels DreamPoll 3.0 final allows remote attackers to execute arbitrary SQL commands via the id parameter.

Exploits (1)

exploitdb WRITEUP VERIFIED
by r0t3d3Vil · textwebappsphp
https://www.exploit-db.com/exploits/26814

The provided text describes an SQL injection vulnerability in Dream Poll, where the 'id' parameter in 'view_Results.php' is not properly sanitized. This allows attackers to manipulate SQL queries, potentially leading to data disclosure or modification.

Classification
Writeup 90%
Attack Type
Sqli
Complexity
Trivial
Reliability
Theoretical
Target: Dream Poll (version not specified)
No auth needed
Prerequisites: Access to the vulnerable endpoint
devstral-2 · analyzed Feb 16, 2026 Full analysis →

References (5)

Core 5
Core References
Third Party Advisory vdb-entry x_refsource_vupen
http://www.vupen.com/english/advisories/2005/2880
Third Party Advisory, VDB Entry vdb-entry x_refsource_osvdb
http://www.osvdb.org/21688
Third Party Advisory x_refsource_misc
http://pridels0.blogspot.com/2005/12/dreampoll-sql-inj.html
Vendor Advisory third-party-advisory x_refsource_secunia
http://secunia.com/advisories/18014
Exploit vdb-entry x_refsource_bid
http://www.securityfocus.com/bid/15849

Scores

EPSS 0.0116
EPSS Percentile 63.1%

Details

Status published
Products (1)
dreamlevels/dream_poll 3.0_final
Published Dec 15, 2005
Tracked Since Feb 18, 2026