securylight/CTparental.txt

## CTparental.txt
CVE-2021-37367
CVSS:AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Score: 7.8 (High)
Vulnerble product version: CTParental 4.45.02m
Vulnerability type: Command execution(CWE-78)
Vulnerability Description: CTparental before 4.45.07 is affected by a code execution vulnerability in the CTparental admin panel. Because The file "bl_categories_help.php" is vulnerable to directory traversal, an attacker can create a file that contains scripts and run arbitrary commands.
Link to Maintainer Acknowledgment:
https://gitlab.com/marsat/CTparental/-/releases/4.45.07

CVE-2021-37366
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
Score: 8.8 (High)
Vulnerble product version: CTParental 4.45.02m
Vulnerability type:CSRF(CWE-352)
Vulnerability Description:CTparental before 4.45.03 is vulnerable to cross-site request forgery (CSRF) in the CTparental admin panel. By combining CSRF with XSS, an attacker can trick the administrator into clicking a link that cancels the filtering for all standard users.
Link to Maintainer Acknowledgment:
https://gitlab.com/marsat/CTparental/-/releases/4.45.03

CVE-2021-37365
CVSS: 3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
Score: 6.1 (Medium)
Vulnerble product version: CTParental 4.45.02m
Vulnerability type: XSS (CWE-79)
Vulnerability Description:CTparental before 4.45.03 is vulnerable to cross-site scripting (XSS) in the CTparental admin panel. In bl_categires_help.php, the 'categories' variable is assigned with the content of the query string param 'cat' without sanitization or encoding, enabling an attacker to inject malicious code into the output webpage.
Link to Maintainer Acknowledgment:
https://gitlab.com/marsat/CTparental/-/releases/4.45.03
	CVE-2021-37367
	CVSS:AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
	Score: 7.8 (High)
	Vulnerble product version: CTParental 4.45.02m
	Vulnerability type: Command execution(CWE-78)
	Vulnerability Description: CTparental before 4.45.07 is affected by a code execution vulnerability in the CTparental admin panel. Because The file "bl_categories_help.php" is vulnerable to directory traversal, an attacker can create a file that contains scripts and run arbitrary commands.
	Link to Maintainer Acknowledgment:
	https://gitlab.com/marsat/CTparental/-/releases/4.45.07

	CVE-2021-37366
	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
	Score: 8.8 (High)
	Vulnerble product version: CTParental 4.45.02m
	Vulnerability type:CSRF(CWE-352)
	Vulnerability Description:CTparental before 4.45.03 is vulnerable to cross-site request forgery (CSRF) in the CTparental admin panel. By combining CSRF with XSS, an attacker can trick the administrator into clicking a link that cancels the filtering for all standard users.
	Link to Maintainer Acknowledgment:
	https://gitlab.com/marsat/CTparental/-/releases/4.45.03

	CVE-2021-37365
	CVSS: 3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
	Score: 6.1 (Medium)
	Vulnerble product version: CTParental 4.45.02m
	Vulnerability type: XSS (CWE-79)
	Vulnerability Description:CTparental before 4.45.03 is vulnerable to cross-site scripting (XSS) in the CTparental admin panel. In bl_categires_help.php, the 'categories' variable is assigned with the content of the query string param 'cat' without sanitization or encoding, enabling an attacker to inject malicious code into the output webpage.
	Link to Maintainer Acknowledgment:
	https://gitlab.com/marsat/CTparental/-/releases/4.45.03