CVE-2005-1325

phpMyVisites 1.3 - Arbitrary File Read and Inclusion via mylang Parameter

Title source: llm

Exploitation Summary

EIP tracks 1 public exploit for CVE-2005-1325. PoCs published by Max Cerny.

AI-analyzed exploit summary This exploit demonstrates a file inclusion vulnerability in phpMyVisites 1.3, allowing attackers to include arbitrary local files via the 'mylang' parameter. The possibility of remote file inclusion is unconfirmed but could lead to arbitrary PHP code execution.

Description

set_lang.php in phpMyVisites 1.3 allows remote attackers to read and include arbitrary files via the mylang parameter.

Exploits (1)

exploitdb WORKING POC VERIFIED

by Max Cerny · htmlwebappsphp

https://www.exploit-db.com/exploits/25531

View Code ZIP pw:eip

This exploit demonstrates a file inclusion vulnerability in phpMyVisites 1.3, allowing attackers to include arbitrary local files via the 'mylang' parameter. The possibility of remote file inclusion is unconfirmed but could lead to arbitrary PHP code execution.

Classification

Working Poc 90%

Attack Type

Info Leak

Complexity

Trivial

Reliability

Reliable

Target: phpMyVisites 1.3

No auth needed

Prerequisites: Access to the target application's login.php endpoint

MITRE ATT&CK

T1190 - Exploit Public-Facing Application

devstral-2 · analyzed Feb 16, 2026 Full analysis →

References (3)

Core 3

Core References

Product x_refsource_confirm

http://cvs.sourceforge.net/viewcvs.py/phpmyvisites/phpmyvisites/include/set_lang.php?r1=1.5&r2=1.6

Mailing List mailing-list x_refsource_bugtraq

http://marc.info/?l=bugtraq&m=111454298603060&w=2

Exploit, Patch vdb-entry x_refsource_bid

http://www.securityfocus.com/bid/13370

Scores

EPSS 0.0300

EPSS Percentile 85.6%

Details

Status published

Products (1)

matthieu_aubry/phpmyvisites 1.3

Published May 02, 2005

Tracked Since Feb 18, 2026