[原文]PHP remote file include vulnerability in index.php for Gallery 1.4 and 1.4-pl1, when running on Windows or in Configuration mode on Unix, allows remote attackers to inject arbitrary PHP code via a URL in the GALLERY_BASEDIR parameter, a different vulnerability than CVE-2002-1412. NOTE: this issue might be exploitable only during installation, or if the administrator has not run a security script after installation.
It has been reported that Gallery is prone to a remote file include vulnerability in the index.php script file. The problem occurs due to the program failing to verify the location in which it includes the util.php script, when handling specific requests to index.php. As a result, an attacker may be capable of having arbitrary PHP script code being executed on the remote host with the privileges of the web server.
Gallery contains a flaw that may allow a remote attacker to execute arbitrary commands or code. The issue is due to the 'index.php' script not properly sanitizing user input supplied to the 'GALLERY_BASEDIR' parameter. This may allow an attacker to include a file from a third-party remote host that contains commands or code that will be executed by the vulnerable script with the same privileges as the web server.
Upgrade to version 1.4-pl2 or higher, as it has been reported to fix this vulnerability. An upgrade is required as there are no known workarounds.