This week, RedDot notified customers and partners about an immediate update to the RedDot CMS products to address a potential security vulnerability.  RedDot requests that all RedDot CMS systems be updated with the appropriate hot fix, patch or instructions for their specific version.

With RedDot CMS, it is possible for non logged-in users to execute SQL commands on the database server by inserting them into the URL command string.  Based on the results of a security test of the CMS product, RedDot has released patches to CMS version 6.5, 7.1 and 7.5 to deliver important security improvements.

To get these patches, log on to the RedDot Community Extranet at http://www.reddotcommunity.com. Once you are logged on, roll your mouse over the Products button at the top of the page and select Software Releases. Select the CMS link on the left side of the page, then select the SQL Injection link.

RedDot Support is also providing information on how to proactively detect an intrusion via the IIS log files. This downloadable file is available via the same RedDot Community Extranet path as the CMS patches: http://www.reddotcommunity.com > Products > Software Releases > CMS > SQL Injection.

For RedDot CMS versions below 6.5, instructions on how to manually update the afflicted ASP files are also available on the RedDot Community Extranet..  After logging on to the Extranet, select the Knowledge Base button at the top of the page, then select the Frequently Asked Questions link on the left side of the page.

Additional Information

If you do not have a RedDot Community Extranet account, you can request an account or get alternative instructions to obtain these files by sending e-mail to support@reddot.com.

Additional details on the CMS patches are provided in the Release Notes, which are included in the zip file for each patch. You are encouraged to review the Release Notes for appropriate instructions, versions supported and preconditions before installing the update. RedDot also strongly encourages that a project export and database backup be performed prior to installing a new version of the RedDot software.