AnimaGallery version 2.6 suffers from cross site scripting, local file inclusion, and remote shell upload vulnerabilities.