Cross Site Scripting=0D
********************=0D
http://[...]/read.php?msg_result=[XSS]=0D 
[XSS]=0D">http://[...]/read.php?rep_titre=">[XSS]=0D 
Cookies: CSForum_nom=">[XSS]; CSForum_mail=">[XSS]; CSForum_url=">[XSS]=0D
=0D
SQL Injection=0D
*************=0D
http://[...]/read.php?id=1'[SQL_SELECT]&debut=[SQL_LIMIT]=0D 
http://[...]/index.php?search=%'[SQL_SELECT]%23=0D 
http://[...]/index.php?debut=1[SQL] //Digit -> Without quote=0D 
=0D
Full Path Disclosure =0D
********************=0D
http://[...]/index.php?readall=&collapse[]= //setcookie()=0D 
=0D
=0D
Solution=0D
********=0D
SQL Injection => addslashes() / intval()=0D
Cross Site Scripting => htmlentities()=0D
Full Path Disclosure => is_string()=0D
=0D
=0D
Credits=0D
*******=0D
by DarkFig -- http://www.acid-root.new.fr/advisories/csforum081.txt=0D 
=0D
=0D
Changelog=0D
*********=0D
[06-06-11] -- Vendor contacted