Hello,

This isn't a gallery module error; It's using the HTMLEditor. 
It appears to be a known issue that was corrected in 4.8.3 (existed up to 4.8.2). Please see this thread
http://www.dotnetnuke.com/Community/Forums/tabid/795/forumid/108/threadid/313894/scope/posts/Default.aspx
 and this security bulletin
http://www.dotnetnuke.com/News/SecurityPolicy/SecurityBulletinno17/tabid/1162/Default.aspx
 as they may confirm or deny if that is the issue you are dealing with. If so, update your installation  (after proper testing and backing up, of course). I'd recommend updating to the latest version of DNN, meaning 4.9.4, for your installation. As there are likely to be less possible module complications than upgrading to 5, depending on what 3rd party modules you use.

I'd recommend doing a lot of testing with the 3rd party/custom apps to look for any issues and upgrading. Perhaps talking to whoever did the customizing for you and see what they say about how that module will work in the latest version.

The only other option that I can think of off the top of my head is to find the code changes regarding this issue and apply them to the 3.x.x version you have, build and upload the new dll(s). I don't recommend this, as trying to 'splice' in a single change, especially one such as file upload, has potential to have unexpected consequences.

A third option I just thought of - Restrict the "Allowed File Types" in the host settings to the smallest amount of extensions you can. If all they can do is upload txt files, it's not going to compromise your system.