Bharat Mediratta Gallery is a free, open source web-based photo album which may be used as an add-on for the PHPNuke web portal.
Due to insufficient validation of user-supplied input, it is possible to view arbitrary web-readable files via a specially crafted web request which contains '../' sequences.
This issue may allow a remote attacker to gather sensitive information which may be used in directed and organized attacks against a host running the Gallery software.
PHP-Nuke Gallery Add-on modules.php include Parameter Traversal Arbitrary File Access
Remote / Network Access
Loss of Integrity
Gallery contains a flaw that may lead to an unauthorized information disclosure. The issue is triggered when a URL is sent containing a 'dot-dot' directory traversal, which will disclose arbitrary file information, resulting in a loss of confidentiality.
Upgrade to version 1.2.3 or higher, as it has been reported to fix this vulnerability. An upgrade is required as there are no known workarounds.
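A log check for the request pattern described above, as an added example rather than code from Gallery or from this advisory: it flags `modules.php` requests whose `include` parameter contains a `..` path segment, including percent-encoded forms. The log lines, the other query parameters and the function names are constructed for illustration.

```python
import re
from urllib.parse import urlsplit, parse_qsl, unquote

# Constructed access-log lines (common log format); not taken from the advisory.
SAMPLE_LOG = [
    '192.0.2.10 - - [01/Jan/2003:10:00:00 +0000] "GET /modules.php?op=modload&name=gallery&file=index&include=view_album.php HTTP/1.0" 200 5120',
    '192.0.2.44 - - [01/Jan/2003:10:02:11 +0000] "GET /modules.php?op=modload&name=gallery&file=index&include=../../../../tmp/example.txt HTTP/1.0" 200 812',
    '192.0.2.44 - - [01/Jan/2003:10:02:15 +0000] "GET /modules.php?include=%2e%2e%2f%2e%2e%2ftmp%2fexample.txt HTTP/1.0" 200 812',
    '192.0.2.44 - - [01/Jan/2003:10:02:19 +0000] "GET /modules.php?include=..%252f..%252ftmp%252fexample.txt HTTP/1.0" 404 210',
    '192.0.2.77 - - [01/Jan/2003:10:05:00 +0000] "GET /index.php?include=../x HTTP/1.0" 404 210',
]

REQUEST_RE = re.compile(r'"(?:GET|POST|HEAD) (\S+) HTTP/[\d.]+"')


def fully_decode(value, max_rounds=3):
    """Percent-decode repeatedly so double-encoded input is normalised."""
    for _ in range(max_rounds):
        decoded = unquote(value)
        if decoded == value:
            break
        value = decoded
    return value


def has_traversal(value):
    """True if any path segment (split on / or \\) is exactly '..'."""
    return '..' in re.split(r'[\\/]', fully_decode(value))


def suspicious_requests(lines):
    """Return (client_ip, include_value) for modules.php traversal attempts."""
    hits = []
    for line in lines:
        match = REQUEST_RE.search(line)
        if not match:
            continue
        url = urlsplit(match.group(1))
        if not url.path.lower().endswith('/modules.php'):
            continue
        # parse_qsl already percent-decodes each value once.
        for key, value in parse_qsl(url.query, keep_blank_values=True):
            if key == 'include' and has_traversal(value):
                hits.append((line.split()[0], value))
    return hits


if __name__ == '__main__':
    for ip, value in suspicious_requests(SAMPLE_LOG):
        print(ip, value)
```

A match only shows that a traversal was attempted; on versions older than 1.2.3, pair it with the response status and size to judge whether file content was returned.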