My_eGallery versions below 3.1.1.g have PHP files that do not filter all parameters passed to functions, allowing a malicious attacker to execute any command as the user ID the web server is running under. A vendor-supplied patch is available here.
83bc5a715a3f8b447cc27c88355d9454d43230e49474dacf297362b2f0d3486f