KB Article #179511
API Portal EasyDiscuss and CVE-2018-5263
Problem
- Stackideas EasyDiscuss, which is distributed with API Portal, is affected by CVE-2018-5263. More details are available at https://stackideas.com/blog/easydiscuss4021-update.
- Private portions of the EasyBlog and EasyDiscuss documentation are not accessible
- EasyBlog and EasyDiscuss language packs are not accessible
All API Portal versions are affected.
Resolution
To fix these problems, upgrade EasyBlog and EasyDiscuss using the following procedure:
1. Download the EasyBlog and EasyDiscuss upgrade packs from: https://support.axway.com/en/downloads/download-details/id/1438560
2. Unzip APIPortal_7.5.5_Package_EasyBlogEasyDiscuss_allOS_BN1.zip into a folder
3. Sign in to your Joomla administrator panel at https://{host}/administrator
4. Go to Extensions > Manage > Install
5. From the folder where you unzipped the files, drag and drop com_easyblog_full_unlimited_5.2.3_joomla.zip or com_easydiscuss_full_unlimited_4.0.22_joomla.zip into the Upload & Install Joomla Extension section
6. Follow the installation steps
7. If prompted to select the installation method, select “Installation via Directory”, select the package from the drop-down list, and follow the instructions in the installer
8. Repeat steps 4 to 7 for both EasyBlog and EasyDiscuss packages
From this point on:
- The vulnerability is fixed
- You can access the private parts of the EasyBlog and EasyDiscuss documentation by clicking on “sign in with Axway” when prompted to log in
- You can download language packs directly from EasyBlog and EasyDiscuss “language” sections
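To confirm the upgrade took effect, the check below compares the version recorded in a component's Joomla manifest against the versions shipped in the upgrade pack named above. It is an added example, not Axway or Stackideas code; it assumes the manifest XML carries a `<version>` element, and the sample manifests and function names are constructed for illustration.

```python
import re
import xml.etree.ElementTree as ET

# Versions shipped in the upgrade pack named in this article.
EXPECTED = {"com_easydiscuss": "4.0.22", "com_easyblog": "5.2.3"}


def parse_version(text):
    """Turn '4.0.22' into (4, 0, 22); stop at the first non-numeric part."""
    parts = []
    for piece in text.strip().split("."):
        match = re.match(r"\d+", piece)
        if not match:
            break
        parts.append(int(match.group()))
    return tuple(parts)


def installed_version(manifest_xml):
    """Return the <version> text of an extension manifest, or None."""
    node = ET.fromstring(manifest_xml).find("version")
    return node.text.strip() if node is not None and node.text else None


def check(component, manifest_xml):
    """Return (ok, message) for one component manifest."""
    found = installed_version(manifest_xml)
    wanted = EXPECTED[component]
    if found is None:
        return False, f"{component}: no <version> element in manifest"
    ok = parse_version(found) >= parse_version(wanted)
    state = "OK" if ok else "UPGRADE NEEDED"
    return ok, f"{component}: installed {found}, pack ships {wanted}: {state}"


# Constructed sample manifests (not taken from a real installation).
SAMPLE_OLD = """<extension type="component" method="upgrade">
  <name>com_easydiscuss</name><version>4.0.20</version></extension>"""
SAMPLE_NEW = """<extension type="component" method="upgrade">
  <name>com_easydiscuss</name><version>4.0.22</version></extension>"""

if __name__ == "__main__":
    for xml_text in (SAMPLE_OLD, SAMPLE_NEW):
        print(check("com_easydiscuss", xml_text)[1])
```

On a real portal, pass the contents of each component's manifest file from the Joomla installation instead of the sample strings; the file location depends on your deployment.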