Fred

**Name of the Vulnerable Software and Affected Versions** Gallery versions 1.3.1 through 1.4.1 **Description** The issue allows remote attackers to modify the `HTTP POST VARS` variable and conduct a PHP remote file inclusion attack via the `GALLERY BASEDIR` parameter. **Recommendations** For Gallery versions 1.3.1 through 1.4.1, consider disabling the register globals simulation capability as a temporary workaround until a patch is available. Restrict access to the `GALLERY BASEDIR` parameter to minimize the risk of exploitation.