Kriss Andsten

**Name of the Vulnerable Software and Affected Versions** Menantlo Gallery versions prior to 3.0 **Description** The issue allows remote authenticated users with upload permissions to execute arbitrary code by uploading a file with an executable extension, then accessing it via a direct request to the file in an unspecified directory. **Recommendations** For versions prior to 3.0, update to version 3.0 or later to resolve the issue. As a temporary workaround, consider restricting upload permissions to trusted users and disabling the execution of files in the affected directory until a patch is available. Restrict access to the `modules/gallery/models/item.php` module to minimize the risk of exploitation. Avoid using the file upload feature in the affected module until the issue is resolved.