Unrestricted file upload vulnerability in gallery.php in phpx 3.5.15 allows remote attackers to upload and execute arbitrary PHP scripts via an addImage action, which places scripts into the gallery/shelties/ directory.
https://exchange.xforce.ibmcloud.com/vulnerabilities/33151
http://www.securityfocus.com/bid/23033
http://www.securityfocus.com/archive/1/463192/100/0/threaded