IMPORTANT! Critical Update. Patch Systems Immediately

Posted: Wed, November 7, 2018
Tags: Maian Cart, Critical Updates,

A vulnerability in Maian Cart was recently reported to us by Martin Schophaus of https://mschop.de which could enable a malicious user to execute a SQL injection command via a forged ‘X-Forwarded-For’ header. This issue is not currently public and will not be made public for 30 days, so you have plenty of time to patch any affected systems. Our thanks to Martin for his sensitivity in this matter.

It is important that you patch your systems NOW.

As a precautionary measure we have updated similar code in other Maian systems to make sure they can not be attacked, so if you are using any commercial Maian product, you should do the following as soon as possible.

1. Download the patch instructions. Each software has it’s own txt file, so refer to that: https://www.maianmedia.com/msw-downloads/critical/2018/all-vun-header-051118.zip

2. Follow the instructions in any file to update a function in the ‘control/functions.php’ file.

3. Older versions can also be patched by copying the code inside the function to the existing function.

Any problems, please let us know. We apologise for this issue and hope that it hasn’t caused you any inconvenience. Thank you as always for supporting our software.

–

David (Lead Developer @ Maian Media))