Directory traversal vulnerability in pajax_call_dispatcher.php in PAJAX 0.5.1 and earlier allows remote attackers to read arbitrary files via the $className variable. Users of PAJAX should upgrade to the latest version pajax-0.5.2 [1].