Ctparental Project

ctparental_project

3 CVEs • 1 product

Products (1)

Click to collapse

Toggle

CVEs (3)

CVE VENDORS PRODUCTS UPDATED PUBLISHED CVSS
CVE-2021-37367 1Ctparental Project 1Ctparental Jun 17, 2026 Aug 10, 2021 N/A· v4 7.8 HIGH· v3 4.6 MEDIUM· v2 CTparental before 4.45.07 is affected by a code execution vulnerability in the CTparental admin panel. Because The file "bl_categories_help.php" is vulnerable to directory traversal, an attacker can create a file that co...Show more CTparental before 4.45.07 is affected by a code execution vulnerability in the CTparental admin panel. Because The file "bl_categories_help.php" is vulnerable to directory traversal, an attacker can create a file that contains scripts and run arbitrary commands.Show less
CVE-2021-37366 1Ctparental Project 1Ctparental Jun 17, 2026 Aug 10, 2021 N/A· v4 8.8 HIGH· v3 6.8 MEDIUM· v2 CTparental before 4.45.03 is vulnerable to cross-site request forgery (CSRF) in the CTparental admin panel. By combining CSRF with XSS, an attacker can trick the administrator into clicking a link that cancels the filter...Show more CTparental before 4.45.03 is vulnerable to cross-site request forgery (CSRF) in the CTparental admin panel. By combining CSRF with XSS, an attacker can trick the administrator into clicking a link that cancels the filtering for all standard users.Show less
CVE-2021-37365 1Ctparental Project 1Ctparental Jun 17, 2026 Aug 10, 2021 N/A· v4 6.1 MEDIUM· v3 4.3 MEDIUM· v2 CTparental before 4.45.03 is vulnerable to cross-site scripting (XSS) in the CTparental admin panel. In bl_categires_help.php, the 'categories' variable is assigned with the content of the query string param 'cat' withou...Show more CTparental before 4.45.03 is vulnerable to cross-site scripting (XSS) in the CTparental admin panel. In bl_categires_help.php, the 'categories' variable is assigned with the content of the query string param 'cat' without sanitization or encoding, enabling an attacker to inject malicious code into the output webpage.Show less