CVE-2009-4745

Name of the Vulnerable Software and Affected Versions DreamPoll version 3.1

Description The issue concerns SQL injection vulnerabilities in the index.php file of DreamPoll. Remote attackers can execute arbitrary SQL commands by manipulating the sortField, sortDesc, or pageNumber parameters in a login action.

Recommendations For DreamPoll version 3.1, consider restricting access to the login action or validating and sanitizing the sortField, sortDesc, and pageNumber parameters to prevent SQL injection attacks. As a temporary workaround, avoid using the vulnerable parameters in the login action until a patch is available.