I’ve released PHP Doc System version 1.5.2. This fixes the security vulnerability reported here. This vulnerability only affects people running PHP Doc System in “dynamic” mode on a public web site, not those (like me) who generate the static output and put that on their site.

It looks like this vulnerability was found back in Nov 2005, but I was just made aware of it recently (thanks visiblesoul). It is unfortunate when someone takes the time to post a vulnerability on SecurityFocus but doesn’t notify the developer.