CVE-2006-4754

PHProg before 1.1 has a Cross-site Scripting (XSS) flaw in index.php, exploitable via the album parameter used in an opendir call. The same issue can enable full path disclosure with an invalid album value that reveals the installation path in error messages. Affected software: PHProg versions pr...

CVE-2006-4753

PHProg before 1.1 has a directory traversal vulnerability in the index.php file: an attacker can use a ".." in the lang parameter to read arbitrary files. The issue stems from improper input handling in the affected component, enabling potential exposure of sensitive server files. A patch is avai...