I am always a little bit afraid of using standard and/or free web applications or modules. Everybody can figure out threads and attack your site
try
http://www.google.de/search?hl=de&q=SearchResult.aspx%3FCategoryID+&meta=
and then follow the first of this links and change the querystring to
SearchResult.aspx?CategoryID=asfdasdfsdf
you will get with diffrent sites often the same result. Trace and full error message is enabled. It seems that this product (http://www.storefront.net/) is preinstalled with this settings. If your are lacy seek for StoreFront.BusinessRule.CCustomer
Broken at least 3 rules for secure web applications.