SQL Injection priorities

[truemongo]

Noticed the top-level "SQL Injection" does not have a priority set, while the 2 subcategories (Blind and Error-based) are both P1.
Should probably either set P1 on the top-level category or add a new subcategory for SQL injection when attacker can get output directly.
If going with the 2nd option, not sure what you'd call it, maybe "SQL Injection - UNION Based"?

[plr0man]

Hi @truemongo, sorry for the long wait. After consulting with the team we have decided to remove the SQLi subcategories and leave the SQLi category as a P1 entry with no children. Let me know if you see any arguments against doing so.

[truemongo]

No problem, and that sounds good to me! Thanks