singapore Image Gallery contains a flaw that may allow a remote attacker to upload arbitrary files. The issue is triggered due to improper file name checks of the addImage() function in the 'admin.class.php' script. It is possible that the flaw may allow a remote attacker to include a NULL character in the file name and upload arbitrary files to the system resulting in a loss of integrity.
Upgrade to version 0.9.11 or higher, as it has been reported to fix this vulnerability. An upgrade is required as there are no known workarounds.