Maian Pay

Lightweight WorldPay Ecommerce System

Download Demo More Info

Free upgrades for life.

Critical Updates

IMPORTANT! Critical Vulnerability Reported in Maian Cart
This is important if you are running Maian Cart on your servers.

A severe vulnerability has been kindly reported to me by security advisor DreyAnd. The issue concerns the elFinder file manager plugin in Maian Cart and it affects all versions from 3.0 to 3.8. This issue will be made public in 2 weeks, so please update your installations.

The issue enables a potential hacker to bypass the cart admin restrictions and execute a RCE (remote code execution) on your server. It should be considered high risk and be fixed immediately. If you are running a version older than 3.0, you are not affected.

The elFinder file manager plugin had already been removed in the upcoming 3.9 release of Maian Cart (it was removed before the issue was reported), so future versions will always be safe. To make your existing installation secure simply delete the following directory from your installations of Maian Cart.


If you were using the download manager in your admin area, simply manage the downloads via ftp.

MSWorld would like to thank DreyAnd for his discretion in reporting this issue. As mentioned previously, you have 2 weeks to secure your installations before the issue is made public.


Thank you,
David - Lead Developer (MSWorld)
IMPORTANT! Critical Update. Patch Systems Immediately
A vulnerability in Maian Cart was recently reported to me by Martin Schophaus of which could enable a malicious user to execute a SQL injection command via a forged 'X-Forwarded-For' header. This issue is not currently public and will not be made public for 30 days, so you have plenty of time to patch any affected systems. My thanks to Martin for his sensitivity in this matter.

It is important that you patch your systems NOW.

As a precautionary measure I have updated similar code in other Maian systems to make sure they can not be attacked, so if you are using any commercial Maian product, you should do the following as soon as possible.

1. Download the patch instructions. Each software has it`s own txt file, so refer to that:

2. Follow the instructions in any file to update a function in the 'control/functions.php' file.

3. Older versions can also be patched by copying the code inside the function to the existing function.

Any problems, please let me know. I apologise for this issue and hope that it hasn`t caused you any inconvenience. Thank you as always for supporting my software.


Thank you,
David - Lead Developer (MSWorld)
Maian Events v3.2 Released - Important Security Update
v3.2 of the Maian Events system has been released. This includes an important fix for a directory traversal vulnerability as reported to me recently.

If you are running v3.0 or v3.1 you must patch your systems NOW.

You can find the changelog and download info on the Maian Events website. For upgrades, refer to the upgrade section in the docs.

If you don`t have time to upgrade, the following file is all you need to replace for the security fix:


Thank you,
David - Lead Developer (MSWorld)
[CRITICAL UPDATE] PHP Mailer Class - Remote Code Execution Flaw
Dawid Golunski of Legal Hackers has recently found a serious security flaw in the PHP mailer class allowing remote code execution.

MSWorld products use infected classes and need to be patched immediately to avoid serious issues.

If you are using a commercial product, please download the patch zip and follow the instructions.
Download Patch Files

If you are using a free product, you should download the latest version of the PHP Mailer and replace the current mail class files in your installation.

No patch files are provided for free products.
[CRITICAL UPDATE] Maian Support v3 Vulnerability Fix
Robert Abela and Sven Morgenroth from Netsparker have been kind enough to contact me about a serious vulnerability in all v3* branches of Maian Support. This must be patched immediately in your installations.

For the patch files and instructions, please download the following:
Download v3 Patch Files

Only v3* branches are affected.

This issue has not been made public at the moment, so please ensure you update your installations as soon as possible to avoid disruption.

I would like to thank Robert and Sven for their discretion in this matter.
Want to get notification of new software releases? Subscribe to any of the software RSS feeds.

More Info
Bulk purchase Maian Script World products and save money. Applies to all commercial software.
Buy Any 2, Save 15%
Buy Any 3, Save 20%
Buy Any 4, Save 25%
Buy 5 or more, Save a massive 40%

More Info
Sign up for FREE and earn 40% commission on all standard commercial software purchases.

More Info
Are you looking for good, reliable web hosting for Maian Script World products?

More Info
Average 31,530 per year, 2,628 per month.
Maian Script World - Free PHP Software for Personal or Business Use.
© 2003-2021 Maian Script World & David Ian Bennett. is an authorized reseller of goods and services provided by Maian Script World

Free PHP Software / Responsive PHP Scripts / Lightweight PHP Software / White Label PHP Software