The remote host is vulnerable to a Script Injection attack.
The remote host is running PPA, a photo album application written in PHP. There is a flaw in the remote version of this software that may allow an attacker to force the remote PHP script to include arbitrary files hosted on a third-party server. Therefore, an attacker can exploit this flaw to execute arbitrary PHP code on the remote host.
No solution is known at this time.