SQL injection vulnerability
Our site is undergoing a security review by Security Metrics, and they are insisting that our blog is vulnerable to SQL injections. They are pointing to the fact that the following two URLs produce different results when visited:
https://www.iggsoftware.com/blog/?cat=6+and+1%3D0 (loads a page with a 404 error)
https://www.iggsoftware.com/blog/?cat=6+and+1%3D1 (reports a 403 error)

Can anybody tell me if their claims about vulnerability are legitimate, and if so what we can do about them? Thanks for your input.