Dreamlevels Dreampoll vulnerabilities
2 known vulnerabilities affecting dreamlevels/dreampoll.
Total CVEs
2
CISA KEV
0
Public exploits
2
Exploited in wild
0
Severity breakdown
HIGH1MEDIUM1
Vulnerabilities
Page 1 of 1
CVE-2009-4745P3HIGHCVSS 7.5PoCv3.12010-03-26
CVE-2009-4745 [HIGH] CWE-89 CVE-2009-4745: Multiple SQL injection vulnerabilities in index.php in Dreamlevels DreamPoll 3.1 allow remote attack
Multiple SQL injection vulnerabilities in index.php in Dreamlevels DreamPoll 3.1 allow remote attackers to execute arbitrary SQL commands via the (1) sortField, (2) sortDesc, or (3) pageNumber parameter in a login action.
nvd
CVE-2009-4746P4MEDIUMCVSS 4.3PoCv3.12010-03-26
CVE-2009-4746 [MEDIUM] CWE-79 CVE-2009-4746: Cross-site scripting (XSS) vulnerability in index.php in Dreamlevels DreamPoll 3.1 allows remote att
Cross-site scripting (XSS) vulnerability in index.php in Dreamlevels DreamPoll 3.1 allows remote attackers to inject arbitrary web script or HTML via the recordsPerPage parameter in a poll_default login action.
nvd