This page lists publicly disclosed CVE vulnerabilities affecting ctparental_project ctparental (linked via NVD CPE). Each row includes severity scores, summaries, and publication dates to help identify and analyze security issues.
| CVE | Summary | Source | Max CVSS | EPSS % | Published | Updated |
|---|---|---|---|---|---|---|
| CVE-2021-37367 | CTparental before 4.45.07 is affected by a code execution vulnerability in the CTparental admin panel. Because The file "bl_categories_help.php" is vulnerable to directory traversal, an attacker can create a file that contains scripts and run arbitrary commands. | [email protected] | 7.8 | 0.52% | 2021-08-10 | 2026-06-17 |
| CVE-2021-37366 | CTparental before 4.45.03 is vulnerable to cross-site request forgery (CSRF) in the CTparental admin panel. By combining CSRF with XSS, an attacker can trick the administrator into clicking a link that cancels the filtering for all standard users. | [email protected] | 8.8 | 0.51% | 2021-08-10 | 2026-06-17 |
| CVE-2021-37365 | CTparental before 4.45.03 is vulnerable to cross-site scripting (XSS) in the CTparental admin panel. In bl_categires_help.php, the 'categories' variable is assigned with the content of the query string param 'cat' without sanitization or encoding, enabling an attacker to inject malicious code into the output webpage. | [email protected] | 6.1 | 0.69% | 2021-08-10 | 2026-06-17 |