Maian Cart - SQL Injection Vulnerability.
r0am1ng has been kind enough to contact us about a possible SQL injection vulnerability in Maian Cart when using the remote option to add product images. Note that this is only possible if someone was to gain access to the admin interface of Maian Cart and execute the code. The level of the severity is therefore low. As a precaution we have disabled this option for now and will address it later when the cart system gets a brand new update.
If you are using the latest version of Maian Cart, please download the zip file from the Maian Cart website and update your 'admin' folder with the current version, omitting the 'control/access.php' file.
We would like to thank r0am1ng for taking the time to let us know about this issue. :)
- 4 Feb 2026 Posted on
- Yes Important
- Critical Update Tag
www.maianmedia.com
Maian Media
News: Maian Cart - SQL Injection Vulnerability.
Posted on: 4 Feb 2026
News: Newsletter - January 2026
Posted on: 21 Jan 2026
News: Changes to White Label Licences
Posted on: 4 Feb 2025
About
We have been online now for over 25 years. We were formerly Maian Script World, but in 2021 rebranded as Maian Media. We try to provide useful self hosted website solutions. We hope you like our work.
If you require any help or assistance, please see our support options.