A vulnerability in the function in bl_categires_help.php of CTparental, an Internet parental control tool, allows an intruder to inject arbitrary code.
The vulnerability in the CTparental parental control function in blcategireshelp.php exists due to improper limitation of a pathname to a restricted directory. Exploiting this vulnerability could allow a hacker to inject arbitrary code...
Cross-site scripting
CTparental before 4.45.03 is vulnerable to cross-site scripting (XSS) in the CTparental admin panel. In blcategireshelp.php, the 'categories' variable is assigned the content of the query string parameter 'cat' without sanitization or encoding, enabling an attacker to inject malicious code into th...