Re: SQL injection vulnerability in WebDB

[security curmudgeon <jericho () attrition org>]

Hello,

For both of your WebDB advisories, you say:

: Product: WebDB
: Vendor: Lois Software
: Vulnerable Version: 2.0a and Probably Prior Versions

: Status: Fixed by Vendor
: Risk level: High 

: Solution: There is no need for anybody to upgrade to the latest version. 

Why is there no need for anybody to upgrade to the latest version on a 
"High risk" vulnerability? 

In addition, could you please include vendor URLs in all of your 
advisories?

Thanks