Прошу помощи.Сканер нашел вот такое
/pages/account/_insert.php
145: <input type="hidden" name="PAYMENT_AMOUNT" value="'.$_POST['sum'].'">XSS!
/pages/account/_insertpm.php
51:<input type="hidden" name="PAYMENT_AMOUNT" value="'.$_POST['sum'].'">XSS!
/pages/admin/_about.php
61:$db->Query("UPDATE db_conabrul SET about = '".$_POST["tx"]."' WHERE id = '1'");SQL Injection!