The variable "$si" is not checked or sanitised upon input. There's also a weird code obscurity.
First the code obscurity on line 112:
$searchterms is never used or referenced in showcat.php until around line 197 when it is reinitialised. Line 112 therefore looks redundant to me.
Going back to sanitizing the variables (around line 112):
"trim" merely removes unneeded whitespace before and after the string, and explode then splits the string into iterative chunks wherever there's a space (' '). The initial variable passed in ($si) has never been checked or cleaned up before it's used.
Because of this I'm pretty certain that the security issue mentioned here is directly applicable to ReviewPost:
http://marc.theaimsgroup.com/?l=bugt...5342909640&w=2
(I'm referring to the showgallery.php references, which apply to showcat.php as it's based on the same code.)
With reference to the security listing above (
http://marc.theaimsgroup.com/?l=bugt...5342909640&w=2 ), $cat in showproduct.php does not look to be sanitised either, meaning that code is most likely going to fall foul of the flaws listed against showgallery.php, as again showgallery and showcat are, as far as I can tell, the same code (I don't have PhotoPost though, so I'm doing my best to make an educated guess here).
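An added example, not code from the original post or from ReviewPost/PhotoPost (whose showcat.php source is not visible here): the trim-then-explode pattern the post describes, placed next to a version that validates the raw request value before splitting it. The function names, the length limits, the term cap and the allowed character set are all assumptions chosen for this illustration, and the sample inputs are constructed. The post does not say how the resulting tokens are used later in showcat.php, so this only shows checking the input at the point where $si is first touched.

```php
<?php
// Added example, not ReviewPost/PhotoPost code. Demonstrates the pattern the
// post describes (trim + explode on an unchecked request value) beside a
// version that validates $si before it is split into search terms.

// Pattern as described in the post: $si goes straight into trim()/explode()
// with no check of length or content beforehand.
function split_terms_unchecked(string $si): array
{
    return explode(' ', trim($si));
}

// Hardened form. The limits and the whitelist below are assumptions for this
// example, not values taken from ReviewPost.
function split_terms_checked(string $si, int $maxLen = 100, int $maxTerms = 10): array
{
    // Refuse oversized input outright instead of trying to trim it down.
    if (strlen($si) > $maxLen) {
        return [];
    }

    // Collapse runs of whitespace so explode() cannot produce empty tokens.
    $normalised = preg_replace('/\s+/', ' ', trim($si));
    if ($normalised === null || $normalised === '') {
        return [];
    }

    $terms = [];
    foreach (explode(' ', $normalised) as $term) {
        // Whitelist: letters, digits, underscore, hyphen and dot, bounded length.
        // Anything else is dropped rather than "cleaned", so quotes, angle
        // brackets, semicolons and the like never reach the code that
        // consumes the terms.
        if (!preg_match('/^[A-Za-z0-9_\-.]{1,40}$/', $term)) {
            continue;
        }
        $terms[] = $term;
        if (count($terms) >= $maxTerms) {
            break;
        }
    }
    return $terms;
}

// Constructed sample inputs (not taken from any real request or report):
// a normal search, one with characters that have no place in a search term,
// and one padded with whitespace.
$samples = [
    'widget blue',
    "  widget' OR '1'='1  ",
    "<b>widget</b>\t\tblue   green",
];

foreach ($samples as $si) {
    echo 'input:     ' . var_export($si, true) . PHP_EOL;
    echo 'unchecked: ' . json_encode(split_terms_unchecked($si)) . PHP_EOL;
    echo 'checked:   ' . json_encode(split_terms_checked($si)) . PHP_EOL . PHP_EOL;
}
```

Run with `php split_terms.php` (any filename will do). The unchecked function passes quotes, tags and tabs through untouched; the checked one returns only tokens matching the whitelist, which is the kind of check the post notes is missing before $si is used.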
http://marc.theaimsgroup.com/?l=bugt...5342909640&w=2 ) $cat in showproduct.php does not look to be sanitised either, meaning that that code is most likey going to fall foul to the flaws listed against showgallery.php as again showgallery and showcat are as far as I can tell the same code (I don't have photopost though.. so I'm doing my best to make an educated guess here)