Dear Sir or Madam,
I'm an experienced website developer, I can fix these vulnerabilities for You. Fixing XSS and SQLi holes is easy, we just have to convert or remove some characters from the input string, but for the image uploading we will need to add some code to verify that the uploaded file is really an image, since there are dozens of methods to fake an image in a PHP uploader. The easiest way is to check the extension, the MIME type and the pixel size of the image (not the file size).
I mainly communicate via Email or Google Talk chat, but I'm open to suggestions if You prefer something else.
I look forward to hearing from you.