RedTeam has identified two security flaws in PAJAX versions 0.5.1 and below. It is possible to execute arbitrary PHP code from unchecked user input. Additionally, it is possible to include arbitrary files on the server ending in ".class.php".
223f89066530be65e8100cf31774da9860ea9f254965c65c5bc52ade6f7acfac