RedDot CMS security bug - Have you already patched your system to avoid SQL injection?

RedDot partners and clients might have been wondering why RedDot contacted them without any advertising, but with the information that there is a bug in RedDot versions < 7.5.1.86 that allows anyone who has access to the RedDot CMS login mask to execute SQL code. This could mean, for example, that a user simply executes a DROP on your SQL Server table, and then you would wonder where all your content has gone…

Normally RedDot doesn’t tell you if your version has a severe problem, for example if it’s slow because you are using version 7.5.1.xx? with database Z or something like that; you have to find that out on your own, or you have to ask many questions. In my opinion it’s a large disadvantage that there is no open bug tracker like the ones other CMS developers have been offering for years now. The RedDot CMS is a great product, but with a bit more open-minded communication it could be even greater, and it would be easier to avoid wasting time making the same mistakes others might have made a week, month or year before.

OK, so back to the topic. There were rumors a few days ago that it is possible to inject SQL directly into your CMS if it’s reachable directly through the web. So please make sure that you update soon to the latest version 7.5.1.86 or maybe the next Hotfix 17 (Build 7.5.1.89), or add additional password protection in front of your RedDot CMS login page. Safety-conscious RedDot partners already took this step a few days after this security hole came up. Others still have a large “come in and find out” sign on their login page.

Also have a look at: This page or maybe this short discussion.
