we have fixed a security vulnerability in the download gallery module. All versions below 1.90 are affected. The vulnerability requires magic_quotes_gpc turned off in the PHP settings, which should not be the case on most webservers.
Install download gallery v1.90 from the addons repository over your existing version to solve the issue. Remember to backup changes in the module settings if you have applied any changes there.