UnGallery Plugin for WordPress contains a flaw that is triggered when input passed via the 'search' parameter in index.php is not properly sanitized by the wp-content/plugins/ungallery/search.php script before being used in the find command. This may allow a remote attacker to execute arbitrary shell commands.
Remote / Network Access
Loss of Integrity
Upgrade to version 2.1.6 or higher, as it has been reported to fix this vulnerability. An upgrade is required as there are no known workarounds.