sitex allows remote attackers to obtain potentially sensitive information via a ' (quote) value for certain parameters, as demonstrated by parameters used in forum and search, which forces a SQL error.
http://www.securityfocus.com/archive/1/461305/100/0/threaded