The remote web server contains a PHP application that is affected by multiple local file include flaws.
The remote host is running Gallery, a web-based photo album application written in PHP. The version of Gallery installed on the remote host fails to sanitize input to the 'stepOrder' parameter of the 'upgrade/index.php' and 'install/index.php' scripts before using it in a PHP 'require()' function. An unauthenticated attacker may be able to exploit this issue to view arbitrary files or to execute arbitrary PHP code on the affected host provided PHP's 'register_globals' setting is enabled.
Upgrade to version 2.0.4 or higher.