The URL rewrite module in Menalto Gallery before 2.2.4 allows attackers to include and execute arbitrary local files via unknown vectors related to the admin controller.

More... (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2007-6686)