CVE-2009-4745

Dreamlevels DreamPoll 3.1 - SQL Injection

Title source: llm

Description

Multiple SQL injection vulnerabilities in index.php in Dreamlevels DreamPoll 3.1 allow remote attackers to execute arbitrary SQL commands via the (1) sortField, (2) sortDesc, or (3) pageNumber parameter in a login action.

Exploits (2)

exploitdb WORKING POC VERIFIED

by infosecstuff · textwebappsphp

https://www.exploit-db.com/exploits/33282

View Code ZIP pw:eip

exploitdb WRITEUP

webappsphp

https://www.exploit-db.com/exploits/10006

View Code ZIP pw:eip

References (1)

[Third Party Advisory, VDB Entry] http://www.securityfocus.com/archive/1/507039/100/0/threaded

Scores

EPSS 0.0015

EPSS Percentile 34.9%

Details

CWE

CWE-89

Status published

Products (1)

dreamlevels/dreampoll 3.1

Published Mar 26, 2010

Tracked Since Feb 18, 2026