Re: IT Security related question
Oye DS, leave something for other ppl too man!
Anywho, depending on the importance on the system, I would agree with 5watery. Its better to be down for period than risk penetration. Then as DS said call up the developer and beat them with a bailan like so 
Then have them come up with a patch ASAP. In the meantime search for a replacement for that service/application, and inform clients about your finding (specially true if it had any consumer info and really specially if you are in California).