source: https://www.securityfocus.com/bid/19942/info
PHProg is prone to multiple input-validation vulnerabilities because the application fails to sanitize user-supplied input. These issues include a cross-site scripting vulnerability and a local file-include vulnerability.
A successful exploit may allow unauthorized users to view files and to execute local scripts, execute arbitrary scripts within the context of the web browser, and steal cookie-based authentication credentials. Other attacks are also possible.
http://www.example.com/PHProg/?id=1&album=http://www.example.com
http://www.example.com/PHProg/index.php?lang=http://www.example.com
