CVE-2021-37366

8.8 HIGH

📋 TL;DR

CVE-2021-37366 is a CSRF vulnerability in CTparental's admin panel that, when combined with XSS, allows attackers to trick administrators into disabling filtering for all standard users. This affects CTparental installations before version 4.45.03. Administrators who access malicious links while logged into the admin panel are vulnerable.

💻 Affected Systems

Products:
  • CTparental
Versions: All versions before 4.45.03
Operating Systems: Linux
Default Config Vulnerable: ⚠️ Yes
Notes: Requires admin panel access and administrator interaction with malicious content.

📦 What is this software?

CTparental is a parental-control tool for Linux that filters web access for the machine's standard user accounts and is managed through a web-based admin panel; that panel is where the vulnerable forms live.

⚠️ Risk & Real-World Impact

🔴

Worst Case

All user filtering is disabled, allowing unrestricted internet access for all standard users, potentially exposing them to malicious content or bypassing organizational policies.

🟠

Likely Case

Targeted attacks against administrators lead to temporary or permanent disabling of filtering for specific users or groups.

🟢

If Mitigated

With proper CSRF protections and admin awareness, exploitation attempts are blocked or ineffective.

🌐 Internet-Facing: HIGH
🏢 Internal Only: MEDIUM

🎯 Exploit Status

Public PoC: ⚠️ Yes
Weaponized: LIKELY
Unauthenticated Exploit: ✅ No
Complexity: LOW

Exploitation requires an administrator to load attacker-controlled content (for example a malicious link) while authenticated to the admin panel; the attacker needs no credentials of their own. The combined CSRF/XSS attack chain is documented in public references.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: 4.45.03

Vendor Advisory: https://gitlab.com/marsat/CTparental/

Restart Required: Yes

Instructions:

1. Back up the current configuration.
2. Update CTparental to version 4.45.03 or later via the package manager or a manual installation.
3. Restart the CTparental service.
4. Verify that the installed version is 4.45.03 or later.

🔧 Temporary Workarounds

Implement CSRF Tokens

Platform: Linux

If you cannot patch immediately, add anti-CSRF tokens to the admin panel's state-changing forms: generate a random token per session, embed it as a hidden field in each form, and reject any POST whose token does not match the session's. A same-origin Origin/Referer check is a cheap second layer.

This is a manual code modification; refer to the CTparental documentation and source. Note that tokens only help if the XSS half of the chain is closed as well: script running in the panel's own origin can read the token and submit it.
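As an added illustration (not CTparental's own code, which this page does not show), the Python below sketches the synchronizer-token pattern the workaround describes, with an Origin/Referer check as a second layer. The endpoint path /admin/filter, the field name csrf_token, the panel origin and the request objects are all assumptions constructed for the example.

```python
import hmac
import secrets
from dataclasses import dataclass, field
from urllib.parse import urlsplit

# Assumptions for this example; CTparental's real origin, paths and field
# names are not given on the page.
PANEL_ORIGIN = "https://ctparental.example.lan:8443"
TOKEN_FIELD = "csrf_token"


@dataclass
class Session:
    """Server-side session state: one unguessable CSRF token per session."""
    csrf_token: str = field(default_factory=lambda: secrets.token_urlsafe(32))


@dataclass
class Request:
    """Minimal stand-in for an HTTP request (constructed, not a real framework)."""
    method: str
    path: str
    headers: dict
    form: dict


def render_form(session: Session) -> str:
    """Every state-changing form carries the session token as a hidden field."""
    return (f'<form method="post" action="/admin/filter">'
            f'<input type="hidden" name="{TOKEN_FIELD}" value="{session.csrf_token}">'
            f'<input type="submit" value="Disable filtering"></form>')


def same_origin(value: str) -> bool:
    """Compare scheme, host and port of an Origin/Referer value with the panel's."""
    want, got = urlsplit(PANEL_ORIGIN), urlsplit(value)
    return (got.scheme, got.hostname, got.port) == (want.scheme, want.hostname, want.port)


def csrf_check(req: Request, session: Session) -> tuple:
    """Return (accepted, reason) for a request against the given session.

    Safe methods pass; state-changing methods need a same-origin
    Origin/Referer and a token matching the session's.
    """
    if req.method in ("GET", "HEAD", "OPTIONS"):
        return True, "safe method"
    # Browsers send Origin on cross-site POSTs; a forged request from an
    # attacker page fails here before the token is even looked at.
    source = req.headers.get("Origin") or req.headers.get("Referer")
    if source is None or not same_origin(source):
        return False, "missing or cross-site Origin/Referer"
    submitted = req.form.get(TOKEN_FIELD, "")
    # Constant-time comparison so the token cannot be recovered byte by byte.
    if not hmac.compare_digest(submitted, session.csrf_token):
        return False, "missing or invalid CSRF token"
    return True, "token valid"


def demo() -> dict:
    """Run three constructed requests against one session and report the verdicts."""
    session = Session()
    # Legitimate submission from a form the panel itself served.
    legit = Request("POST", "/admin/filter",
                    {"Origin": PANEL_ORIGIN, "Cookie": "PHPSESSID=abc"},
                    {TOKEN_FIELD: session.csrf_token, "user": "child1", "filter": "off"})
    # Forged submission: auto-submitted form on an attacker page the admin visited.
    forged = Request("POST", "/admin/filter",
                     {"Origin": "https://attacker.example", "Cookie": "PHPSESSID=abc"},
                     {"user": "child1", "filter": "off"})
    # Same-origin request that simply omits the token.
    no_token = Request("POST", "/admin/filter", {"Origin": PANEL_ORIGIN}, {"user": "child1"})
    return {
        "legit": csrf_check(legit, session),
        "forged": csrf_check(forged, session),
        "no_token": csrf_check(no_token, session),
        "form_has_token": session.csrf_token in render_form(session),
    }


if __name__ == "__main__":
    for name, verdict in demo().items():
        print(name, verdict)
```

The token is bound to the server-side session, so a token lifted from one admin's session does not validate another's; the Origin check is kept in front of it because a missing Origin/Referer on a POST is itself a strong CSRF signal.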

Restrict Admin Panel Access

Platform: Linux

Limit admin panel access to specific IP addresses or networks. This shrinks who can reach the panel directly, but it does not stop CSRF itself: the forged request is sent by the administrator's own browser, from a trusted address.

# Replace [admin_port] with the port the admin panel listens on and
# [trusted_ip] with the administrator's host or network (a /24 is fine).
# Keep the ACCEPT rule before the DROP rule; iptables matches in order.
iptables -A INPUT -p tcp --dport [admin_port] -s [trusted_ip] -j ACCEPT
iptables -A INPUT -p tcp --dport [admin_port] -j DROP

🧯 If You Can't Patch

  • Educate administrators about phishing risks: do not open untrusted links or pages while logged into the admin panel, and log out when finished.
  • Add web application firewall (WAF) rules that reject state-changing requests to admin panel endpoints whose Origin/Referer header is missing or does not match the panel's own host.

🔍 How to Verify

Check if Vulnerable:

Check CTparental version: if below 4.45.03, system is vulnerable.

Check Version:

Check the installed package version with the package manager (for example apt list --installed | grep -i ctparental, or dpkg -l | grep -i ctparental); the CLI may also report it with ctparental --version.

Verify Fix Applied:

Confirm the version is 4.45.03 or higher, then inspect the HTML of a state-changing admin form (view source) for a hidden anti-CSRF field and confirm that a POST replayed without it is rejected.

📡 Detection & Monitoring

Log Indicators:

  • Unexpected filtering disable events in CTparental logs
  • Admin panel access from unusual IP addresses

Network Indicators:

  • HTTP POST requests to admin panel endpoints whose Referer/Origin header is missing or points at another site, or that lack the anti-CSRF field

SIEM Query:

source="ctparental.log" AND (event="filter_disabled" OR event="admin_action")

(The source and event field names above are illustrative; map them to the fields your collector actually extracts from CTparental and its web server logs.)
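As an added example of the indicators listed above (constructed here; not a CTparental log format or a query from the project), the Python below parses combined-format web-server access log lines and flags state-changing requests to the admin panel whose Referer is missing or points at another site, plus admin panel hits from outside a trusted network. The panel host name, admin path prefix and trusted network are assumptions, and the log lines are constructed.

```python
import ipaddress
import re
from urllib.parse import urlsplit

# Assumptions for this example (not values taken from the page or from CTparental).
PANEL_HOST = "ctparental.lan"                            # host the admin panel is served as
ADMIN_PREFIX = "/admin/"                                 # path prefix of the admin panel
TRUSTED_NETS = [ipaddress.ip_network("192.168.1.0/24")]  # where administrators normally sit
STATE_CHANGING = {"POST", "PUT", "PATCH", "DELETE"}

# Combined log format: client, timestamp, request line, status, size, referer, user agent.
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<path>\S+) [^"]*" '
    r'(?P<status>\d{3}) (?P<size>\S+) "(?P<referer>[^"]*)" "(?P<ua>[^"]*)"$'
)

# Constructed sample: one legitimate admin action, two that look like CSRF deliveries,
# one admin panel visit from outside the trusted network, one unrelated request.
SAMPLE_LOG = [
    '192.168.1.10 - - [10/Aug/2021:14:02:11 +0200] "POST /admin/filter.php HTTP/1.1" 302 0 '
    '"https://ctparental.lan/admin/index.php" "Mozilla/5.0"',
    '192.168.1.10 - - [10/Aug/2021:14:05:43 +0200] "POST /admin/filter.php HTTP/1.1" 302 0 '
    '"https://evil.example/lure.html" "Mozilla/5.0"',
    '192.168.1.10 - - [10/Aug/2021:14:06:01 +0200] "POST /admin/filter.php HTTP/1.1" 302 0 '
    '"-" "Mozilla/5.0"',
    '10.0.0.5 - - [10/Aug/2021:14:07:22 +0200] "GET /admin/index.php HTTP/1.1" 200 5123 '
    '"-" "Mozilla/5.0"',
    '10.0.0.5 - - [10/Aug/2021:14:07:30 +0200] "GET /index.php HTTP/1.1" 200 811 '
    '"-" "Mozilla/5.0"',
]


def parse(line: str):
    """Return the log fields as a dict, or None if the line is not combined format."""
    m = LOG_RE.match(line)
    return m.groupdict() if m else None


def classify(entry: dict) -> list:
    """Return the list of reasons an admin panel request looks suspicious (empty if none)."""
    reasons = []
    if not entry["path"].startswith(ADMIN_PREFIX):
        return reasons                                   # not the admin panel at all
    client = ipaddress.ip_address(entry["ip"])
    if not any(client in net for net in TRUSTED_NETS):
        reasons.append("admin panel access from untrusted address")
    if entry["method"] in STATE_CHANGING:
        referer = entry["referer"]
        if referer in ("-", ""):
            reasons.append("state-changing request without Referer")
        else:
            host = urlsplit(referer).hostname
            if host != PANEL_HOST:
                reasons.append(f"state-changing request referred from {host}")
    return reasons


def find_suspicious(lines) -> list:
    """Scan log lines and return (ip, method, path, reasons) for each suspicious one."""
    hits = []
    for line in lines:
        entry = parse(line)
        if entry is None:
            continue
        reasons = classify(entry)
        if reasons:
            hits.append((entry["ip"], entry["method"], entry["path"], reasons))
    return hits


if __name__ == "__main__":
    for hit in find_suspicious(SAMPLE_LOG):
        print(hit)
```

A missing Referer is also produced legitimately by Referrer-Policy settings and privacy extensions, so treat hits as hunting leads rather than a blocking rule, and corroborate them against the panel's own record of configuration changes.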
