CVE-2026-33715

EPSS 0.21%
Veröffentlicht 14.04.2026 21:05:35
Zuletzt bearbeitet 23.04.2026 14:56:22
Quelle security-advisories@github.com
CVE-Watchlists
Login
Unerledigt
Login

Chamilo LMS has Unauthenticated SSRF and Open Email Relay via install.ajax.php test_mailer action

Chamilo LMS is an open-source learning management system. In version 2.0-RC.2, the file public/main/inc/ajax/install.ajax.php is accessible without authentication on fully installed instances because, unlike other AJAX endpoints, it does not include the global.inc.php file that performs authentication and installation-completed checks. Its test_mailer action accepts an arbitrary Symfony Mailer DSN string from POST data and uses it to connect to an attacker-specified SMTP server, enabling Server-Side Request Forgery (SSRF) into internal networks via the SMTP protocol. An unauthenticated attacker can also abuse this to weaponize the Chamilo server as an open email relay for phishing and spam campaigns, with emails appearing to originate from the server's IP address. Additionally, error responses from failed SMTP connections may disclose information about internal network topology and running services. This issue has been fixed in version 2.0.0-RC.3.

Betroffene Produkte Warnungen 0 Metriken 2 CWE 2 Referenzen 5

NVD 1 VulnDex Vulnerability Enrichment 1

Daten sind bereitgestellt durch National Vulnerability Database (NVD)

Chamilo ≫ Chamilo Lms Version2.0.0 Updaterc2

VulnDex Vulnerability Enrichment

Diese Information steht angemeldeten Benutzern zur Verfügung.

Zu dieser CVE wurde keine Warnung gefunden.

EPSS Metriken
Typ	Quelle	Score	Percentile
EPSS	FIRST.org	0.21%	0.107

CVSS Metriken
Quelle	Base Score	Exploit Score	Impact Score	Vector String
security-advisories@github.com	7.2	3.9	2.7	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:L/A:N

CWE-306 Missing Authentication for Critical Function

The product does not perform any authentication for functionality that requires a provable user identity or consumes a significant amount of resources.

CWE-918 Server-Side Request Forgery (SSRF)

The web server receives a URL or similar request from an upstream component and retrieves the contents of this URL, but it does not sufficiently ensure that the request is being sent to the expected destination.

https://github.com/chamilo/chamilo-lms/security/advisories/GHSA-mxc9-9335-45mc

Vendor Advisory

https://github.com/chamilo/chamilo-lms/releases/tag/v2.0.0-RC.3

Product

Release Notes

https://nvd.nist.gov/vuln/detail/CVE-2026-33715

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2026-33715

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2026-33715

EUVD

Team-orientierte Vulnerability Management Plattform

Features der Plattform

CVE-2026-33715