This script is Copyright (C) 2002-2017 Tenable Network Security, Inc.
The remote web server contains a PHP script that is prone to a remote
file inclusion vulnerability.
The version of Gallery installed on the remote host is affected by a
remote file inclusion vulnerability due to the application failing to
properly sanitize user-supplied input to the 'includedir' parameter. An
attacker may use this flaw to inject arbitrary code in the remote host
and gain a shell with the privileges of the web server user.
See also :
Upgrade to Gallery 1.2.1 or later.
Risk factor :
High / CVSS Base Score : 7.5
CVSS Temporal Score : 6.2
Public Exploit Available : true