Nor does SQL-Ledger offer any assurance of the security of the web server. For more details, please do a search on my bugtraq posts. Many of these contain full disclosure including steps necessary to exploit these problems.
Just for clarification, I post full disclosures on many security issues we have corrected because this allows security software manufacturers (like the makers of Nessus) to integrate tests for the problems into their software. It also allows the makers of intrusion detection systems to integrate signatures for the attacks. This helps ensure that everyone is well protected against insecure software. In a few cases, we have received additional security issue reports from such manufacturers. Best Wishes, Chris Travers