PHProg 1.0 - Multiple Input Validation Vulnerabilities

Author: cdg393
type: webapps
platform: php
port: 
date_added: 2006-09-11 
date_updated: 2013-09-24 
verified: 1 
codes:  
tags: 
aliases:  
screenshot_url:  
application_url: 

source: https://www.securityfocus.com/bid/19942/info

PHProg is prone to multiple input-validation vulnerabilities because the application fails to sanitize user-supplied input. These issues include a cross-site scripting vulnerability and a local file-include vulnerability.

A successful exploit may allow unauthorized users to view files and to execute local scripts, execute arbitrary scripts within the context of the web browser, and steal cookie-based authentication credentials. Other attacks are also possible.

http://www.example.com/PHProg/?id=1&album=http://www.example.com
http://www.example.com/PHProg/index.php?lang=http://www.example.com