Plattform
symfony
Komponente
symfony
Behoben in
2.0.1
CVE-2026-33715 describes a Server-Side Request Forgery (SSRF) vulnerability discovered in Chamilo LMS. This flaw allows an unauthenticated attacker to craft SMTP connections through the test_mailer action, potentially gaining access to internal network resources. The vulnerability impacts versions prior to 2.0.0-RC.3, and a patch has been released to address the issue.
The SSRF vulnerability in Chamilo LMS allows an attacker to initiate SMTP connections using a malicious DSN string provided through a POST request. Because the install.ajax.php file lacks authentication checks present in other AJAX endpoints, an unauthenticated user can exploit this. This enables the attacker to send emails through the server, potentially accessing internal services and data that are only accessible via SMTP. The attacker could scan internal ports, access internal web applications, or even exfiltrate sensitive data by relaying it through the compromised LMS server. The blast radius extends to any internal network segments accessible via SMTP from the LMS server.
CVE-2026-33715 was publicly disclosed on 2026-04-14. There is currently no indication of active exploitation or a KEV listing. Public proof-of-concept code is not yet available, but the vulnerability's simplicity suggests it could be easily exploited. The SSRF nature of the vulnerability makes it a potential target for automated scanning and exploitation attempts.
Exploit-Status
EPSS
0.07% (21% Perzentil)
CISA SSVC
CVSS-Vektor
The primary mitigation for CVE-2026-33715 is to upgrade Chamilo LMS to version 2.0.0-RC.3 or later, which includes the necessary authentication checks. If upgrading immediately is not feasible, consider implementing a Web Application Firewall (WAF) rule to block requests to the install.ajax.php endpoint or filter the DSN string input to prevent arbitrary SMTP server specification. Additionally, restrict network access to the LMS server to only necessary ports and services to minimize the potential impact of a successful SSRF attack. After upgrading, confirm the vulnerability is resolved by attempting to access the install.ajax.php endpoint and verifying that authentication is required.
Aktualisieren Sie Chamilo LMS auf Version 2.0.0-RC.3 oder höher, um die Verwundbarkeit zu mindern. Dieses Update behebt den Authentifizierungsfehler in der `test_mailer`-Aktion von `install.ajax.php` und verhindert SSRF sowie die Verwendung des Servers als offener E-Mail-Relay.
Schwachstellenanalysen und kritische Warnungen direkt in deinen Posteingang.
A DSN (Data Source Name) string is a text string containing configuration information to connect to a database or, in this case, an SMTP server.
Upgrading is crucial to mitigate the risk of exploitation of this vulnerability and protect the integrity and confidentiality of data.
Restrict access to the install.ajax.php file and monitor server logs for suspicious activity.
Yes, it affects all Chamilo LMS installations using version 2.0-RC.2.
Currently, there are no automated tools available, but verifying the Chamilo LMS version is sufficient to determine vulnerability.
Lade deine Abhängigkeitsdatei hoch und erfahre sofort, ob dich diese und andere CVEs treffen.