CVE-2021-37366
Description
CTparental before 4.45.03 is vulnerable to cross-site request forgery (CSRF) in the CTparental admin panel. By combining CSRF with XSS, an attacker can trick the administrator into clicking a link that cancels the filtering for all standard users.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
CTparental before 4.45.03 is vulnerable to CSRF allowing an attacker to trick an admin into canceling content filtering for all standard users.
Vulnerability
CTparental versions before 4.45.03 are vulnerable to cross-site request forgery (CSRF) in the admin panel [1]. The vulnerability allows an attacker to forge requests that cancel content filtering for all standard users, by combining CSRF with an XSS flaw.
Exploitation
An attacker needs to trick an administrator into clicking a malicious link while that administrator is logged into the CTparental admin panel. No special network position is required; the attack can be performed remotely via social engineering. The attacker can craft a request that cancels filtering for all standard users.
Impact
Successful exploitation results in the deactivation of content filtering for all standard users, bypassing parental controls. This compromises the integrity of the filtering system and may expose users to inappropriate content. The CVSS score is 8.8 (High) [1].
Mitigation
The vulnerability is fixed in version 4.45.03, according to the maintainer's acknowledgment [1]. Users should upgrade to CTparental 4.45.03 or later. No workarounds are mentioned.
AI Insight generated on May 27, 2026. Synthesized from this CVE's description and the cited reference URLs; citations are validated against the source bundle.
Affected products
- CTparental/CTparental
- Range: <4.45.03
Patches
No patches discovered yet.
References
- [1] gist.github.com/securylight/092ba96a660e07ad76f2a380c2eaa75a (mitre, x_refsource_MISC)