cotonti.com : Read-only users can post replies (permission overflow)
https://www.cotonti.com
Latest posts in topic, Cotonti (en), Fri, 26 Jun 2026 12:03:29 -0000
Rootali

Actual vulnerabilities (not unauthorized, but significant)

1. Read-only users can post replies (permission overflow)

`newpost` only checks the read permission; there is no write permission check:

forum.post.php:

```php
cot_block(Cot::$usr['auth_read']);   // only the read (R) permission is enforced here
if ($a == 'newpost' && !empty($s) && !empty($q)) {
```

The `auth_write` permission exists on the `newtopic` endpoint but not on the `newpost` endpoint.

Result: A user with only read (R) permission can bypass the interface and send a new reply directly via a POST request. This is not an edit or delete vulnerability, but a write permission overflow.

Fri, 26 Jun 2026 07:42:39 -0000
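As an added example (not Cotonti's own code), the following self-contained PHP models the guard described in the post beside a corrected version; `guard_vulnerable`, `guard_fixed`, `expect` and the `$usr` arrays are constructed for illustration and mirror only the `auth_read`/`auth_write` fields named above.

```php
<?php
// Constructed model of the forum.post.php permission guard (not Cotonti's code).
// $usr mirrors the Cot::$usr fields named in the post: auth_read and auth_write.

// Vulnerable guard: 'newtopic' requires write permission, 'newpost' only read.
function guard_vulnerable(string $action, array $usr): bool
{
    if (!$usr['auth_read']) {
        return false;                       // cot_block(Cot::$usr['auth_read'])
    }
    if ($action === 'newtopic') {
        return (bool) $usr['auth_write'];   // write check present here ...
    }
    return true;                            // ... but absent for 'newpost'
}

// Hardened guard: every action that creates content needs auth_write.
function guard_fixed(string $action, array $usr): bool
{
    if (!$usr['auth_read']) {
        return false;
    }
    $writeActions = ['newtopic', 'newpost'];
    if (in_array($action, $writeActions, true)) {
        return (bool) $usr['auth_write'];   // cot_block(Cot::$usr['auth_write'])
    }
    return true;                            // plain reads only need auth_read
}

function expect(bool $cond, string $what): void
{
    if (!$cond) {
        throw new RuntimeException("FAILED: $what");
    }
}

// Constructed users: a read-only (R) account and a normal poster (R+W).
$readOnly = ['auth_read' => true,  'auth_write' => false];
$poster   = ['auth_read' => true,  'auth_write' => true];

// The overflow: a direct POST with a=newpost passes the old guard for an R-only user.
expect(guard_vulnerable('newpost',  $readOnly) === true,  'old guard lets R-only user reply');
expect(guard_vulnerable('newtopic', $readOnly) === false, 'old guard blocks R-only newtopic');

// The fix closes newpost the same way newtopic was already closed.
expect(guard_fixed('newpost',  $readOnly) === false, 'fixed guard blocks R-only reply');
expect(guard_fixed('newtopic', $readOnly) === false, 'fixed guard blocks R-only newtopic');
expect(guard_fixed('newpost',  $poster)   === true,  'fixed guard keeps posting for R+W');
expect(guard_fixed('view',     $readOnly) === true,  'fixed guard keeps reading for R-only');

echo "guard checks passed\n";
```

Run with `php guard.php`; a failing check throws, so a regression in either guard is reported immediately.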