PHP remote file inclusion vulnerability in index.php in MediaSlash Gallery allows remote attackers to execute arbitrary PHP code via a URL in the rub parameter (part of the $page_menu variable).
https://exchange.xforce.ibmcloud.com/vulnerabilities/25583
http://www.securityfocus.com/bid/17323
http://www.securityfocus.com/archive/1/434419/100/0/threaded
http://www.securityfocus.com/archive/1/429395/100/0/threaded