A vulnerability in Maian Cart was recently reported to me by Martin Schophaus of
https://mschop.de which could enable a malicious user to execute a SQL injection command via a forged 'X-Forwarded-For' header. This issue is not currently public and will not be made public for 30 days, so you have plenty of time to patch any affected systems. My thanks to Martin for his sensitivity in this matter.
It is important that you patch your systems NOW.
As a precautionary measure I have updated similar code in other Maian systems to make sure they can not be attacked, so if you are using any commercial Maian product, you should do the following as soon as possible.
1. Download the patch instructions. Each software has it`s own txt file, so refer to that:
https://www.maianscriptworld.co.uk/msw-downloads/critical/2018/all-vun-header-051118.zip
2. Follow the instructions in any file to update a function in the 'control/functions.php' file.
3. Older versions can also be patched by copying the code inside the function to the existing function.
Any problems, please let me know. I apologise for this issue and hope that it hasn`t caused you any inconvenience. Thank you as always for supporting my software.
--
Thank you,
David - Lead Developer (MSWorld)