phpMyVisites contains a flaw that may allow a remote attacker to execute arbitrary commands. The issue is due to "login.php" not properly sanitizing user input supplied to the "mylang" variable. This may allow a remote attacker to send a specially-crafted URL to include a file from the local host that contains arbitrary commands which will be executed by the vulnerable script.
Currently, there are no known workarounds or upgrades to correct this issue. However, Matthieu Aubry has released a patch (via CVS) to address this vulnerability.