This category browsing functionality is vulnerable to SQL injection through the category parameter.
Try manipulating the category parameter with SQL injection payloads.
Example payloads:
  Electronics' OR '1'='1
  Electronics' UNION SELECT 1,2,3,4 --
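Why those payloads change the result, and why binding the parameter stops them, shown as an added example that is not this application's own code. The products table, its four columns, the sample rows and the function names are assumptions made for illustration.

```python
import sqlite3

def make_db():
    # Constructed sample data. Four columns are assumed so that the
    # four-column UNION payload quoted above lines up with the query.
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE products (id INTEGER, name TEXT, category TEXT, price REAL)")
    db.executemany(
        "INSERT INTO products VALUES (?, ?, ?, ?)",
        [
            (1, "Laptop", "Electronics", 999.0),
            (2, "Headphones", "Electronics", 59.0),
            (3, "Desk", "Furniture", 240.0),
        ],
    )
    return db

def browse_vulnerable(db, category):
    # The value is spliced into the SQL text, so a quote inside `category`
    # closes the string literal and the remainder is parsed as SQL.
    sql = ("SELECT id, name, category, price FROM products "
           "WHERE category = '" + category + "'")
    return db.execute(sql).fetchall()

def browse_parameterized(db, category):
    # The driver binds `category` as a value; it never reaches the SQL parser,
    # so the payloads are compared as literal (non-matching) category names.
    sql = "SELECT id, name, category, price FROM products WHERE category = ?"
    return db.execute(sql, (category,)).fetchall()

# A normal value followed by the two payloads quoted on this page.
INPUTS = [
    "Electronics",
    "Electronics' OR '1'='1",
    "Electronics' UNION SELECT 1,2,3,4 --",
]

def compare():
    db = make_db()
    return {v: (browse_vulnerable(db, v), browse_parameterized(db, v)) for v in INPUTS}

if __name__ == "__main__":
    for value, (concatenated, bound) in compare().items():
        print(f"{value!r}: concatenated={len(concatenated)} rows, bound={len(bound)} rows")
```

With concatenation the OR payload returns every row and the UNION payload appends a row the query author never selected; with a bound parameter both return nothing.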