Directory traversal vulnerability in admin.php in McGallery 1.1 allows remote malicious users to read arbitrary files via a .. (dot dot) in the lang parameter.
source: wwwsecurityfocuscom/bid/13963/info
McGallery is prone to a file disclosure vulnerability
This could let remote attackers access files on the computer in the context of the Web server process
examplecom/mcgallery/adminphp?lang=//////etc/passwd
...