RSS   Vulnerabilities for 'Ctparental'   RSS

2021-08-10
 
CVE-2021-37365

CWE-79
 

 
CTparental before 4.45.03 is vulnerable to cross-site scripting (XSS) in the CTparental admin panel. In bl_categires_help.php, the 'categories' variable is assigned with the content of the query string param 'cat' without sanitization or encoding, enabling an attacker to inject malicious code into the output webpage.

 
 
CVE-2021-37366

CWE-352
 

 
CTparental before 4.45.03 is vulnerable to cross-site request forgery (CSRF) in the CTparental admin panel. By combining CSRF with XSS, an attacker can trick the administrator into clicking a link that cancels the filtering for all standard users.

 
 
CVE-2021-37367

CWE-22
 

 
CTparental before 4.45.07 is affected by a code execution vulnerability in the CTparental admin panel. Because The file "bl_categories_help.php" is vulnerable to directory traversal, an attacker can create a file that contains scripts and run arbitrary commands.

 


Copyright 2024, cxsecurity.com

 

Back to Top