Directory traversal vulnerability in index.php in PHProg prior to 1.1 allows remote malicious users to read arbitrary files via a .. (dot dot) in the lang parameter.
source: wwwsecurityfocuscom/bid/19957/info
PHProg is prone to multiple vulnerabilities The issues result from insufficient sanitization of user-supplied data and may allow an attacker to carry out cross-site scripting and local file-include attacks
Version 10 of PHProg is reported vulnerable; other versions may be affected as well ...