We've received information that the likely common vector for how the web sites were compromised appears to be through the use of Dreamweaver.

There is not a flaw in Dreamweaver that was exploited.  It was a case of lazy programming on the parts of site developers who did not do a good job of "input validation" so attackers were able to do "sql injection" attacks.