A SQL-injection has been discovered in current version of Dataparksearch (see issue 44, case 2, in Russian).
Fix is already made and committed to SVN repository (revision 758), also a new snapshot with this fix is available: dpsearch-4.54-2012-08-27.tar.bz2