Maian Weblog contains a flaw that may allow an attacker to carry out an SQL injection attack. The issue is due to the print.php script not properly sanitizing user-supplied input to the 'entry' or 'email' variables. This may allow an attacker to inject or manipulate SQL queries in the back-end database.
Currently, there are no known upgrades, patches, or workarounds available to correct this issue.
Aliaksandr Hartsuyeu is credited with the discovery of these vulnerabilities.
Affected: Maian Script World Maian Weblog 2.0
Maian Weblog is prone to multiple SQL-injection vulnerabilities. The application fails to properly sanitize user-supplied input before using it in SQL queries.
This will allow an attacker to inject arbitrary SQL logic into the vulnerable parameters and scripts. As a result, the attacker may be able to access or modify sensitive information, compromise the application, or even compromise the underlying database. Other attacks are possible.
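With no patch available, one defensive step is to watch web server logs for SQL syntax in the two parameters the advisory names. The following is an added example, not part of the original advisory or the Maian Weblog code; it assumes a combined-format access log and that `entry` and `email` arrive in the query string of `print.php`, and all log lines are constructed.

```python
import re
from urllib.parse import parse_qsl, unquote, urlsplit

# Assumptions: combined access-log format; parameters sent in the query string.
REQUEST_RE = re.compile(r'"(?:GET|POST|HEAD) (\S+) HTTP/[\d.]+"')
WATCHED = {"entry", "email"}  # the two parameters named in the advisory
# Quotes, statement/comment syntax, whitespace and SQL keywords have no place in either value.
SUSPICIOUS = re.compile(r"['\"`;()\s]|--|/\*|#|\b(?:union|select|sleep|benchmark)\b", re.I)

# Constructed sample lines (documentation IP range, hypothetical /weblog/ path).
SAMPLE_LOG = [
    '192.0.2.10 - - [01/Jan/2024:10:00:00 +0000] "GET /weblog/print.php?entry=12 HTTP/1.1" 200 5120',
    '192.0.2.11 - - [01/Jan/2024:10:00:05 +0000] "GET /weblog/print.php?entry=12%27 HTTP/1.1" 200 310',
    '192.0.2.11 - - [01/Jan/2024:10:00:09 +0000] "GET /weblog/print.php?entry=3&email=a%2527%2520--%2520 HTTP/1.1" 200 310',
    '192.0.2.12 - - [01/Jan/2024:10:01:00 +0000] "GET /weblog/index.php?entry=12%27 HTTP/1.1" 200 900',
    '192.0.2.13 - - [01/Jan/2024:10:02:00 +0000] "GET /weblog/print.php?entry=4&email=a%2Bb@example.com HTTP/1.1" 200 900',
]

def fully_decode(value, rounds=3):
    """Undo repeated URL-encoding so a double-encoded quote (%2527) is still seen."""
    for _ in range(rounds):
        decoded = unquote(value)
        if decoded == value:
            return value
        value = decoded
    return value

def suspicious_params(log_line):
    """Return [(param, decoded_value)] for watched print.php parameters containing SQL syntax."""
    m = REQUEST_RE.search(log_line)
    if not m:
        return []
    url = urlsplit(m.group(1))
    if not url.path.lower().endswith("/print.php"):
        return []
    hits = []
    for name, value in parse_qsl(url.query, keep_blank_values=True):
        value = fully_decode(value)  # parse_qsl already decoded one layer
        if name.lower() in WATCHED and SUSPICIOUS.search(value):
            hits.append((name, value))
    return hits

if __name__ == "__main__":
    for line in SAMPLE_LOG:
        for name, value in suspicious_params(line):
            print(f"suspicious {name}={value!r} in: {line}")
```

Parameters sent in a POST body do not appear in access logs, so this check only covers query-string requests.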