Platform: symfony
Component: symfony
Fixed version: 2.0.1
CVE-2026-33715 is a Server-Side Request Forgery (SSRF) vulnerability affecting Chamilo LMS, an open-source learning management system. The flaw lets an unauthenticated attacker supply an arbitrary Symfony Mailer DSN string, causing the server to connect to an attacker-controlled SMTP server and potentially to reach hosts on internal networks. The vulnerability exists in version 2.0-RC.2 and has been resolved in version 2.0.0-RC.3.
CVE-2026-33715 in Chamilo LMS (version 2.0-RC.2) allows an attacker to have the application send email through an attacker-controlled SMTP server. The cause is twofold: the file public/main/inc/ajax/install.ajax.php remains accessible without authentication on fully installed instances, and its test_mailer action accepts an arbitrary Symfony Mailer DSN string from POST data. Because the DSN string is not validated, an attacker can choose the SMTP server, port, username, and password, resulting in unauthorized email sending. This could be used for spamming, phishing, or even stealing confidential information contained in emails.
An attacker could exploit this vulnerability by sending a POST request to public/main/inc/ajax/install.ajax.php with a malicious DSN string pointing to their own SMTP server. The attacker needs network access to the host running Chamilo LMS but does not require valid authentication credentials. The ease of exploitation and the potential impact on data confidentiality and integrity make this vulnerability a significant concern.
Exploitation status:
EPSS: 0.07% (21st percentile)
CISA SSVC:
CVSS vector:
The fix is to upgrade Chamilo LMS to version 2.0.0-RC.3 or later. That version adds an authentication check and an installation-completion check to install.ajax.php. Until the upgrade is applied, restrict access to public/main/inc/ajax/install.ajax.php through a firewall or role-based access configuration as a temporary measure, and monitor server logs for suspicious activity related to email sending.
Upgrade Chamilo LMS to version 2.0.0-RC.3 or later to mitigate the vulnerability. This update corrects the missing authentication on the `test_mailer` action of `install.ajax.php`, preventing the SSRF and the use of the server as an open mail relay.
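The log-monitoring advice above can be made concrete. The following is an added example, not code from Chamilo or from this advisory: a small Python scanner over web-server access log lines (combined log format) that flags every request to the installer AJAX endpoint. On a fully installed instance nothing legitimate should call that file, so any hit is a signal; the `test_mailer` action travels in the POST body, which access logs do not record, so the path alone is the indicator. The log lines are constructed for this example and use documentation address ranges; the URL prefix under which `public/` is served is assumed to be the site root.

```python
import re
from collections import Counter

# Constructed sample access-log lines (Apache/nginx combined format).
# Not real traffic: the client addresses are RFC 5737 documentation ranges.
SAMPLE_LOG = """\
203.0.113.7 - - [10/Mar/2026:10:01:02 +0000] "GET /index.php HTTP/1.1" 200 5123 "-" "Mozilla/5.0"
203.0.113.7 - - [10/Mar/2026:10:01:09 +0000] "POST /main/inc/ajax/install.ajax.php HTTP/1.1" 200 87 "-" "python-requests/2.31"
198.51.100.4 - - [10/Mar/2026:10:02:44 +0000] "POST /main/inc/ajax/install.ajax.php HTTP/1.1" 200 87 "-" "curl/8.4.0"
203.0.113.7 - - [10/Mar/2026:10:02:51 +0000] "POST /main/inc/ajax/install.ajax.php HTTP/1.1" 200 87 "-" "python-requests/2.31"
192.0.2.9 - - [10/Mar/2026:10:03:15 +0000] "GET /favicon.ico HTTP/1.1" 200 2048 "-" "Mozilla/5.0"
192.0.2.9 - - [10/Mar/2026:10:03:20 +0000] "GET /main/inc/ajax/install.ajax.php HTTP/1.1" 403 199 "-" "Mozilla/5.0"
"""

# Combined log format: ip ident user [time] "METHOD path proto" status size "referer" "agent"
ACCESS_LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<path>\S+)(?: [^"]*)?" '
    r'(?P<status>\d{3}) \S+ "[^"]*" "(?P<ua>[^"]*)"$'
)

# Path suffix of the endpoint named in the advisory (public/ is assumed to be
# the document root, so the browser-visible path starts at /main/).
INSTALL_AJAX_SUFFIX = "/main/inc/ajax/install.ajax.php"


def parse_access_line(line):
    """Parse one combined-format line into a dict, or None if it does not match."""
    m = ACCESS_LOG_RE.match(line)
    if not m:
        return None
    rec = m.groupdict()
    rec["status"] = int(rec["status"])
    # Drop any query string so matching is on the script path only.
    rec["path"] = rec["path"].split("?", 1)[0]
    return rec


def find_install_ajax_hits(log_text):
    """Return every parsed request whose path ends in the installer AJAX script."""
    hits = []
    for line in log_text.splitlines():
        rec = parse_access_line(line)
        if rec and rec["path"].lower().endswith(INSTALL_AJAX_SUFFIX):
            hits.append(rec)
    return hits


def successful_posts(hits):
    """POST requests that got a 2xx: the ones that could have reached test_mailer."""
    return [h for h in hits if h["method"] == "POST" and 200 <= h["status"] < 300]


def summarize_by_source(hits):
    """Hit count per client IP, most active first; a natural basis for an alert."""
    return Counter(h["ip"] for h in hits).most_common()


if __name__ == "__main__":
    hits = find_install_ajax_hits(SAMPLE_LOG)
    for ip, count in summarize_by_source(hits):
        print(f"{ip}: {count} request(s) to install.ajax.php")
    for h in successful_posts(hits):
        print(f"ALERT {h['ts']} {h['ip']} POST {h['path']} -> {h['status']} ({h['ua']})")
```

In the sample, the 403 on the last line is what a correctly applied firewall or access rule looks like; the three 200 responses to POST are the requests to investigate, and the per-source summary gives the addresses to block.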
A DSN (Data Source Name) string is a text string containing configuration information to connect to a database or, in this case, an SMTP server.
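To show what "proper DSN string validation" would involve, here is an added example in Python, not Chamilo or Symfony code: it parses a Symfony-style `smtp://user:pass@host:port` DSN and checks it against a deployment policy before the value could ever reach a mail transport. The allowlisted hosts and ports are constructed assumptions, as are the default ports used when the DSN omits one. The advisory's actual fix is the authentication and installation-completion check; rejecting arbitrary hosts is a defense-in-depth layer against the SSRF aspect of the flaw.

```python
import ipaddress
from urllib.parse import urlsplit, unquote

# Constructed policy for this example: the only relays this deployment may use.
ALLOWED_SMTP_HOSTS = {"smtp.example.com", "relay.mail.example"}
ALLOWED_SMTP_PORTS = {25, 465, 587}


class DsnRejected(ValueError):
    """Raised when a DSN is malformed or fails the policy check."""


def parse_smtp_dsn(dsn):
    """Split a Symfony-style smtp:// or smtps:// DSN into its components."""
    parts = urlsplit(dsn)
    if parts.scheme not in ("smtp", "smtps"):
        raise DsnRejected(f"unsupported transport scheme {parts.scheme!r}")
    host = parts.hostname  # already lower-cased by urlsplit
    if not host:
        raise DsnRejected("DSN has no host component")
    try:
        port = parts.port  # raises ValueError for non-numeric or out-of-range ports
    except ValueError as exc:
        raise DsnRejected(f"invalid port in DSN: {exc}") from None
    if port is None:
        # Assumed defaults for this example: plain SMTP on 25, implicit TLS on 465.
        port = 465 if parts.scheme == "smtps" else 25
    return {
        "scheme": parts.scheme,
        "host": host,
        "port": port,
        # Credentials in a DSN are percent-encoded; decode them for the transport.
        "user": unquote(parts.username) if parts.username else None,
        "password": unquote(parts.password) if parts.password else None,
    }


def validate_smtp_dsn(dsn, allowed_hosts=ALLOWED_SMTP_HOSTS,
                      allowed_ports=ALLOWED_SMTP_PORTS):
    """Return the parsed DSN if it satisfies the policy, else raise DsnRejected."""
    info = parse_smtp_dsn(dsn)
    host = info["host"]
    # Refuse IP literals entirely: the policy is a list of names, and a literal
    # address is the most direct way to point the mailer at an internal service.
    try:
        ipaddress.ip_address(host)
    except ValueError:
        pass
    else:
        raise DsnRejected(f"IP literal {host!r} not permitted; use an allowlisted hostname")
    if host not in allowed_hosts:
        raise DsnRejected(f"SMTP host {host!r} is not in the allowlist")
    if info["port"] not in allowed_ports:
        raise DsnRejected(f"SMTP port {info['port']} is not in the allowlist")
    return info


def is_dsn_acceptable(dsn):
    """Boolean form of validate_smtp_dsn for callers that only need a yes/no."""
    try:
        validate_smtp_dsn(dsn)
    except DsnRejected:
        return False
    return True


if __name__ == "__main__":
    for candidate in (
        "smtp://mailer:s3cret@smtp.example.com:587",   # constructed, allowed
        "smtp://a:b@127.0.0.1:25",                     # loopback literal, rejected
        "smtp://a:b@not-allowed.example:25",           # unknown host, rejected
        "sendmail://default",                          # other transport, rejected
    ):
        print(f"{candidate:45} -> {'accept' if is_dsn_acceptable(candidate) else 'reject'}")
```

An allowlist of names is only as strong as the names' resolution: a hostname on the list that later resolves to an internal address would still pass this check, so in a real deployment the same policy should also be applied to the resolved address at connection time, and the endpoint itself should require an authenticated administrator, as the fixed version does.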
Upgrading is crucial to mitigate the risk of exploitation of this vulnerability and protect the integrity and confidentiality of data.
Restrict access to the install.ajax.php file and monitor server logs for suspicious activity.
Yes, it affects all Chamilo LMS installations using version 2.0-RC.2.
Currently, no automated tools are available, but checking the Chamilo LMS version is sufficient to determine whether an installation is vulnerable.