CVE-2021-37367

Name of the Vulnerable Software and Affected Versions CTparental versions prior to 4.45.07

Description The issue is related to a code execution vulnerability in the CTparental admin panel. Specifically, the file "bl categories help.php" is vulnerable to directory traversal, allowing an attacker to create a file containing scripts and execute arbitrary commands. This vulnerability exists due to incorrect restriction of the directory path name with limited access.

Recommendations For CTparental versions prior to 4.45.07, update to version 4.45.07 or later to resolve the issue. As a temporary workaround, consider restricting access to the "bl categories help.php" file to minimize the risk of exploitation.