CVE-2006-4754
PHProg before 1.1 has a Cross-site Scripting (XSS) flaw in index.php, exploitable via the album parameter used in an opendir call. The same issue can enable full path disclosure with an invalid album value that reveals the installation path in error messages. Affected software: PHProg versions pr...