← Back

Ctparental

ctparental

Vendor: Ctparental Project • 3 CVEs

CVEs (3)

CVE
VENDORS
PRODUCTS
UPDATED
PUBLISHED
CVSS
CVE-2021-37367
1Ctparental Project
1Ctparental
Jun 17, 2026
Aug 10, 2021
N/A· v4
7.8 HIGH· v3
4.6 MEDIUM· v2
CTparental before 4.45.07 is affected by a code execution vulnerability in the CTparental admin panel. Because The file "bl_categories_help.php" is vulnerable to directory traversal, an attacker can create a file that co...Show more
CTparental before 4.45.07 is affected by a code execution vulnerability in the CTparental admin panel. Because The file "bl_categories_help.php" is vulnerable to directory traversal, an attacker can create a file that contains scripts and run arbitrary commands.Show less
CVE-2021-37366
1Ctparental Project
1Ctparental
Jun 17, 2026
Aug 10, 2021
N/A· v4
8.8 HIGH· v3
6.8 MEDIUM· v2
CTparental before 4.45.03 is vulnerable to cross-site request forgery (CSRF) in the CTparental admin panel. By combining CSRF with XSS, an attacker can trick the administrator into clicking a link that cancels the filter...Show more
CTparental before 4.45.03 is vulnerable to cross-site request forgery (CSRF) in the CTparental admin panel. By combining CSRF with XSS, an attacker can trick the administrator into clicking a link that cancels the filtering for all standard users.Show less
CVE-2021-37365
1Ctparental Project
1Ctparental
Jun 17, 2026
Aug 10, 2021
N/A· v4
6.1 MEDIUM· v3
4.3 MEDIUM· v2
CTparental before 4.45.03 is vulnerable to cross-site scripting (XSS) in the CTparental admin panel. In bl_categires_help.php, the 'categories' variable is assigned with the content of the query string param 'cat' withou...Show more
CTparental before 4.45.03 is vulnerable to cross-site scripting (XSS) in the CTparental admin panel. In bl_categires_help.php, the 'categories' variable is assigned with the content of the query string param 'cat' without sanitization or encoding, enabling an attacker to inject malicious code into the output webpage.Show less