gallery2 -- file disclosure vulnerability

Michael Dipper wrote:

A vulnerability has been discovered in gallery,
which allows remote users unauthorized access to files
on the webserver.
A remote user accessing gallery over the web may use
specially crafted HTTP parameters to access arbitrary
files located on the webserver. All files readable by
the webserver process are subject to disclosure.
The vulnerability is not restricted to the webserver’s
document root but extends to the whole server file space.
The vulnerability may be used by any anonymous user,
there is no login to the application required.