Common Vulnerabilities and Exposures assigned an identifier CVE-2007-6689 to the following vulnerability: Menalto Gallery before 2.2.4 does not properly check for malicious file extensions during file uploads, which allows attackers to execute arbitrary code via the (1) Core application or (2) MIME module. References: http://gallery.menalto.com/gallery_2.2.4_released
This sounds like it could have something to do with executable extensions on Windows. This was fixed in gallery2-2.2.4-1 Fedora 8: FEDORA-2007-4778 Fedora 7: FEDORA-2007-4777