CVE-2009-4745

Dreamlevels DreamPoll 3.1 - SQL Injection

Exploitation Summary

EIP tracks 2 public exploits for CVE-2009-4745. PoCs published by infosecstuff.

AI-analyzed exploit summary: The exploit demonstrates XSS and SQL injection vulnerabilities in Dream Poll 3.1 via crafted URL parameters. The XSS payload triggers a JavaScript alert, while SQLi payloads manipulate the 'sortField' parameter to execute arbitrary SQL commands.

Description

Multiple SQL injection vulnerabilities in index.php in Dreamlevels DreamPoll 3.1 allow remote attackers to execute arbitrary SQL commands via the (1) sortField, (2) sortDesc, or (3) pageNumber parameter in a login action.

Exploits (2)

exploitdb WORKING POC VERIFIED
by infosecstuff · text · webapps · php
https://www.exploit-db.com/exploits/33282

Classification: Working PoC 90%
Attack Type: XSS | SQLi
Complexity: Trivial
Reliability: Reliable
Target: Dream Poll 3.1
No auth needed
Prerequisites: Access to the target web application
devstral-2 · analyzed Feb 16, 2026

exploitdb WRITEUP
webapps · php
https://www.exploit-db.com/exploits/10006

The document details XSS and SQL injection vulnerabilities in DreamPoll 3.1, including specific attack vectors via the 'recordsPerPage' and 'sortField' parameters. It provides example payloads and confirms vendor notification and patch release.

Classification: Writeup 90%
Attack Type: XSS | SQLi
Complexity: Trivial
Reliability: Reliable
Target: DreamPoll 3.1
No auth needed
Prerequisites: Access to the target web application
devstral-2 · analyzed Feb 19, 2026

References (1)

Core References
Third Party Advisory, VDB Entry · mailing-list · x_refsource_bugtraq
http://www.securityfocus.com/archive/1/507039/100/0/threaded

Scores

EPSS 0.0090
EPSS Percentile 55.0%

Details

CWE: CWE-89
Status: published
Products (1): dreamlevels/dreampoll 3.1
Published: Mar 26, 2010
Tracked Since: Feb 18, 2026