Simone "negator" Onofri found multiple issues in a nice image gallery script that he was going to use for his personal purposes; perhaps it's better to wait a couple of releases before using it in production. Since the vendor was not responsive, this is a forced release. The vulnerabilities found include Blind SQL Injection and XSS.