A tad harsh
SQL injection may be old hat, but it is an example of weak validation of input data (see also XSS). If your site contains many thousands of web pages, the chances that there will be examples of such errors are rather high - in my experience it's unusual for a web application vulnerability assessment not to turn up multiple occurrences, whether they have the potential to be a major or a minor breach is largely down to luck.