minimal Gallery 0.8 allows remote attackers to obtain configuration information via a direct request to php_info.php, which calls the phpinfo function.