IMPORTANT! Critical Vulnerability Reported in Maian Cart

View: IMPORTANT! Critical Vulnerability Reported in Maian Cart

This is important if you are running Maian Cart on your servers.

A severe vulnerability has been kindly reported to us by security advisor DreyAnd. The issue concerns the elFinder file manager plugin in Maian Cart and it affects all versions from 3.0 to 3.8. This issue will be made public in 2 weeks, so please update your installations.

The issue enables a potential hacker to bypass the cart admin restrictions and execute a RCE (remote code execution) on your server. It should be considered high risk and be fixed immediately. If you are running a version older than 3.0, you are not affected.

The elFinder file manager plugin had already been removed in the upcoming 3.9 release of Maian Cart (it was removed before the issue was reported), so future versions will always be safe. To make your existing installation secure simply delete the following directory from your installations of Maian Cart.


If you were using the download manager in your admin area, simply manage the downloads via ftp.

Maian Media would like to thank DreyAnd for his discretion in reporting this issue. As mentioned previously, you have 2 weeks to secure your installations before the issue is made public.


David (Lead Developer @ Maian Media)

View More News

Maian Media

Made with in the U.K & Hong Kong

News: July 2024 - Important Changes and Updates

Posted on: 2 Jul 2024

News: Kung Hei Fat Choy February 2024

Posted on: 10 Feb 2024

News: Maian Survey v1.3 Released

Posted on: 23 Oct 2023


We have been online now for over 23 years. We were formerly Maian Script World, but in 2021 rebranded as Maian Media. We try to provide useful self hosted website solutions. We hope you like our work.

If you require any help or assistance, please see our support options.