PT-2026-32915 · Unknown · Chamilo Lms

Author: Romain-Deperne · Published: 2026-04-14 · Updated: 2026-04-15 · CVE-2026-33715

CVSS v3.1: 7.2 (High)
Vector: AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:L/A:N
Name of the Vulnerable Software and Affected Versions: Chamilo LMS version 2.0-RC.2

Description: The file 'public/main/inc/ajax/install.ajax.php' is accessible without authentication on fully installed instances because it lacks the inclusion of the global.inc.php file, which handles authentication and installation checks. The test mailer action accepts an arbitrary Symfony Mailer DSN string via POST data to connect to a specified SMTP server. This allows an unauthenticated attacker to perform Server-Side Request Forgery (SSRF), a technique where the server is induced to make requests to internal network resources, via the SMTP protocol. This can be used to turn the server into an open email relay for phishing and spam, or to disclose internal network topology and running services through error responses from failed connections.

Recommendations: Update version 2.0-RC.2 to version 2.0.0-RC.3.
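The description above names three distinct defects in one endpoint: the authentication bootstrap is never included, the mail transport destination is taken from the request, and connection failures are reported back to the caller. The following PHP is an added illustration of how a defender would structure a "test mailer" action so that none of the three applies; it is not Chamilo's code, and the session flag, configuration key and function names are hypothetical.

```php
<?php
// Added example (not Chamilo code). Assumed inputs: a server-side session array
// with an 'is_platform_admin' flag and a server-side configured mailer DSN.
declare(strict_types=1);

/**
 * Gate the endpoint on an authenticated administrator. In a real application
 * this lives in a shared bootstrap included by every entry point; an endpoint
 * that skips that include is reachable by anyone, which is the first defect
 * described in the advisory.
 */
function requireAdminSession(array $session): void
{
    if (empty($session['is_platform_admin'])) {
        http_response_code(403);
        exit('Forbidden');
    }
}

/**
 * Parse a Symfony Mailer-style DSN (scheme://[user:pass@]host[:port]) into the
 * parts that identify where a connection would go. Credentials are discarded.
 */
function parseDsn(string $dsn): array
{
    $parts = parse_url($dsn);
    if ($parts === false || !isset($parts['scheme'], $parts['host'])) {
        throw new InvalidArgumentException('Malformed mailer DSN');
    }
    $scheme = strtolower($parts['scheme']);
    if (!in_array($scheme, ['smtp', 'smtps'], true)) {
        throw new InvalidArgumentException('Unsupported mailer transport');
    }
    return [
        'scheme' => $scheme,
        'host'   => strtolower($parts['host']),
        'port'   => $parts['port'] ?? ($scheme === 'smtps' ? 465 : 25),
    ];
}

/**
 * The client may ask to test the transport but never chooses its destination.
 * If a DSN is supplied at all, it must match the configured scheme/host/port;
 * the configured DSN (with its own credentials) is what actually gets used.
 * This removes the second defect: an attacker-controlled SMTP target.
 */
function resolveMailerDsn(string $configuredDsn, ?string $requestedDsn): string
{
    if ($requestedDsn === null) {
        return $configuredDsn;
    }
    $allowed = parseDsn($configuredDsn);
    $req     = parseDsn($requestedDsn);
    if ($req !== $allowed) {
        throw new InvalidArgumentException('Mailer DSN does not match the configured transport');
    }
    return $configuredDsn;
}

/**
 * Run the transport test and return only a generic status to the caller.
 * Connection details (refused vs. timed out, banner text, resolved address)
 * go to the server log, which closes the third defect: using error responses
 * to map internal hosts and services. $connect is whatever performs the real
 * SMTP handshake; it is injected here so the example runs without a network.
 */
function testMailerSafely(string $dsn, callable $connect): array
{
    try {
        $connect($dsn);
        return ['status' => 'ok'];
    } catch (Throwable $e) {
        error_log('Mailer test failed: ' . $e->getMessage());
        return ['status' => 'error', 'message' => 'Mail transport test failed'];
    }
}

// Constructed usage: an admin session, a configured DSN, and a request that
// tries to redirect the test elsewhere. No connection is attempted.
requireAdminSession(['is_platform_admin' => true]);
$configured = 'smtp://relay.example.test:587';
$request    = ['dsn' => 'smtp://10.0.0.5:25'];

try {
    $dsn = resolveMailerDsn($configured, $request['dsn'] ?? null);
} catch (InvalidArgumentException $e) {
    http_response_code(400);
    echo json_encode(['status' => 'error', 'message' => $e->getMessage()]), PHP_EOL;
    exit;
}

echo json_encode(testMailerSafely($dsn, fn(string $d) => throw new RuntimeException("simulated failure for {$d}"))), PHP_EOL;
```

With the constructed request the script answers 400 with the generic "does not match the configured transport" message, so neither the destination nor the outcome of a connection is under the caller's control; replacing the injected `$connect` with a real transport call keeps that property because the logged detail never reaches the HTTP response.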

Tags: Fix · Missing Authentication · SSRF

Weakness Enumeration

Related Identifiers: CVE-2026-33715

Affected Products: Chamilo Lms