CVE-2005-3519

MySource 2.14.0 - Remote PHP File Inclusion via INCLUDE_PATH and SQUIZLIB_PATH Parameters

Exploitation Summary

EIP tracks 9 public exploits for CVE-2005-3519. PoCs published by Secunia Research.

AI-analyzed exploit summary: The provided text describes a remote/local file include vulnerability in MySource due to improper input sanitization. It includes a sample exploit URL but lacks executable code.

Description

Multiple PHP file inclusion vulnerabilities in MySource 2.14.0 allow remote attackers to execute arbitrary PHP code and include arbitrary local files via the (1) INCLUDE_PATH and (2) SQUIZLIB_PATH parameters in new_upgrade_functions.php, (3) the INCLUDE_PATH parameter in init_mysource.php, and the PEAR_PATH parameter in (4) Socket.php, (5) Request.php, (6) Mail.php, (7) Date.php, (8) Span.php, (9) mimeDecode.php, and (10) mime.php.

Exploits (9)

exploitdb WRITEUP VERIFIED
by Secunia Research · text · webapps · php
https://www.exploit-db.com/exploits/26371

The provided text describes a remote/local file include vulnerability in MySource due to improper input sanitization. It includes a sample exploit URL but lacks executable code.

Classification: Writeup 80%
Attack Type: RCE
Complexity: Trivial
Reliability: Theoretical
Target: MySource (version not specified)
No auth needed
Prerequisites: Network access to the target · Web server with vulnerable MySource installation
devstral-2 · analyzed Feb 16, 2026

exploitdb WRITEUP VERIFIED
by Secunia Research · text · webapps · php
https://www.exploit-db.com/exploits/26364

The provided text describes a remote/local file inclusion vulnerability in MySource due to improper input sanitization. It includes a sample exploit URL but lacks executable code.

Classification: Writeup 90%
Attack Type: RCE
Complexity: Trivial
Reliability: Theoretical
Target: MySource (version unspecified)
No auth needed
Prerequisites: Network access to the target · Web server with vulnerable MySource installation
devstral-2 · analyzed Feb 16, 2026

exploitdb WRITEUP VERIFIED
by Secunia Research · text · webapps · php
https://www.exploit-db.com/exploits/26365

The provided text describes a remote/local file inclusion vulnerability in MySource, but does not include actual exploit code. It references a URL parameter manipulation to include arbitrary files, potentially leading to remote code execution.

Classification: Writeup 90%
Attack Type: RCE
Complexity: Trivial
Reliability: Theoretical
Target: MySource (version unspecified)
No auth needed
Prerequisites: Access to the vulnerable endpoint · Ability to host malicious files on a remote server
devstral-2 · analyzed Feb 16, 2026

exploitdb WRITEUP VERIFIED
by Secunia Research · text · webapps · php
https://www.exploit-db.com/exploits/26362

The code describes a remote file inclusion vulnerability in MySource due to improper input sanitization. It provides example URLs demonstrating how an attacker could execute arbitrary server-side script code by manipulating the INCLUDE_PATH or SQUIZLIB_PATH parameters.

Classification: Writeup 90%
Attack Type: RCE
Complexity: Trivial
Reliability: Theoretical
Target: MySource (version not specified)
No auth needed
Prerequisites: Access to the vulnerable MySource application · Ability to craft malicious URLs with external file references
devstral-2 · analyzed Feb 16, 2026

exploitdb WRITEUP VERIFIED
by Secunia Research · text · webapps · php
https://www.exploit-db.com/exploits/26372

The provided text describes a remote and local file include vulnerability in MySource due to improper input sanitization. It includes a sample exploit URL but lacks executable code.

Classification: Writeup 90%
Attack Type: RCE
Complexity: Trivial
Reliability: Theoretical
Target: MySource (version not specified)
No auth needed
Prerequisites: Access to the vulnerable application · Ability to craft malicious URLs
devstral-2 · analyzed Feb 16, 2026

exploitdb WORKING POC VERIFIED
by Secunia Research · text · webapps · php
https://www.exploit-db.com/exploits/26373

This exploit demonstrates a remote file inclusion vulnerability in MySource due to improper input sanitization. An attacker can execute arbitrary server-side script code by manipulating the PEAR_PATH parameter.

Classification: Working PoC 90%
Attack Type: RCE
Complexity: Trivial
Reliability: Reliable
Target: MySource (version not specified)
No auth needed
Prerequisites: Access to the vulnerable MySource application
devstral-2 · analyzed Feb 16, 2026

exploitdb WRITEUP VERIFIED
by Secunia Research · text · webapps · php
https://www.exploit-db.com/exploits/26369

The provided text describes a remote and local file include vulnerability in MySource due to improper input sanitization. It allows arbitrary server-side script execution via manipulated PEAR_PATH parameters.

Classification: Writeup 90%
Attack Type: RCE
Complexity: Trivial
Reliability: Theoretical
Target: MySource (version unspecified)
No auth needed
Prerequisites: Access to the vulnerable endpoint · Ability to host malicious files on a remote server
devstral-2 · analyzed Feb 16, 2026

exploitdb WRITEUP VERIFIED
by Secunia Research · text · webapps · php
https://www.exploit-db.com/exploits/26363

The provided text describes a remote/local file include vulnerability in MySource, where unsanitized user input allows arbitrary script execution. No actual exploit code is present, only a description and example URL.

Classification: Writeup 90%
Attack Type: RCE
Complexity: Trivial
Reliability: Theoretical
Target: MySource (version unspecified)
No auth needed
Prerequisites: Access to the vulnerable endpoint · Ability to host malicious files on a remote server
devstral-2 · analyzed Feb 16, 2026

exploitdb WRITEUP VERIFIED
by Secunia Research · text · webapps · php
https://www.exploit-db.com/exploits/26370

The provided text describes a remote and local file include vulnerability in MySource due to improper input sanitization. It includes an example URL demonstrating how an attacker could exploit this to execute arbitrary server-side script code.

Classification: Writeup 90%
Attack Type: RCE
Complexity: Trivial
Reliability: Theoretical
Target: MySource (version not specified)
No auth needed
Prerequisites: Access to the target application · Ability to craft malicious URLs
devstral-2 · analyzed Feb 16, 2026

References (16)

Core References
Third Party Advisory, VDB Entry vdb-entry x_refsource_xf
https://exchange.xforce.ibmcloud.com/vulnerabilities/22772
Exploit, Patch vdb-entry x_refsource_bid
http://www.securityfocus.com/bid/15133/discuss
Third Party Advisory third-party-advisory x_refsource_sreason
http://securityreason.com/securityalert/92
Third Party Advisory, VDB Entry vdb-entry x_refsource_osvdb
http://www.osvdb.org/20039
Third Party Advisory, VDB Entry vdb-entry x_refsource_osvdb
http://www.osvdb.org/20037
Mailing List mailing-list x_refsource_bugtraq
http://marc.info/?l=bugtraq&m=112966933202769&w=2
Third Party Advisory, VDB Entry vdb-entry x_refsource_osvdb
http://www.osvdb.org/20036
Exploit, Patch, Vendor Advisory third-party-advisory x_refsource_secunia
http://secunia.com/advisories/16946/
Third Party Advisory, VDB Entry vdb-entry x_refsource_osvdb
http://www.osvdb.org/20040
Third Party Advisory vdb-entry x_refsource_vupen
http://www.vupen.com/english/advisories/2005/2132
Exploit, Patch, Vendor Advisory vdb-entry x_refsource_sectrack
http://securitytracker.com/id?1015075
Third Party Advisory, VDB Entry vdb-entry x_refsource_osvdb
http://www.osvdb.org/20038
Third Party Advisory, VDB Entry vdb-entry x_refsource_osvdb
http://www.osvdb.org/20041
Third Party Advisory, VDB Entry vdb-entry x_refsource_osvdb
http://www.osvdb.org/20035
Third Party Advisory, VDB Entry vdb-entry x_refsource_osvdb
http://www.osvdb.org/20042
Third Party Advisory, VDB Entry vdb-entry x_refsource_osvdb
http://www.osvdb.org/20043

Scores

EPSS 0.0801
EPSS Percentile 94.0%

Details

Status published
Products (2)
mysource/mysource 2.14.0
mysource/mysource 2.14.0rc2
Published Nov 06, 2005
Tracked Since Feb 18, 2026