Search engine: url param
File: C:\...\sources\admin\ManageSearch.controller.php
Url: /index.php?action=admin;area=managesearch;sa=settings
'url' => trim(Util::htmlspecialchars($_POST['engine_url'][$id], ENT_COMPAT))
htmlspecialchars replaced & symbol in my url.
Maybe better to check the url function filter_var('http://example.com', FILTER_VALIDATE_URL) ?
~ See fix example ~, but it is not safe