Directory traversal vulnerability in navigator/navigator_ok.php in Pagode 0.5.8 allows remote attackers to read and possibly delete arbitrary files via a .. (dot dot) in the asolute parameter.