Goollery contains a flaw that may allow a remote attacker to execute arbitrary commands via remote file inclusion. This flaw exists because the application does not validate the "page" variable upon submission to the viewalbum.php script. This could allow an attacker to include remote code to be executed by the target server, leading to a loss of integrity.
Remote / Network Access
Loss of Integrity
Upgrade to version 0.04b or higher, as it has been reported to fix this vulnerability. An upgrade is required as there are no known workarounds.