PHPLibrary 1.5.3 and prior suffers from a remote file inclusion vulnerability in the cfg_dir variable.