This search functionality is vulnerable to SQL injection. Try searching with special characters like ' or using SQL injection payloads.
Example payloads: ' OR '1'='1, ' UNION SELECT 1,2,3,4 --
' OR '1'='1
' UNION SELECT 1,2,3,4 --