mmgallery 1.55 allows remote attackers to obtain sensitive information via a direct request for thumbs.php, which reveals the installation path in various error messages.
http://www.securityfocus.com/archive/1/452558/100/0/threaded
http://securitytracker.com/id?1017283