CVE-2026-33715
Chamilo LMS “CVE-2026-33715” affects version 2.0-RC.2 where public/main/inc/ajax/install.ajax.php is accessible without authentication, bypassing global.inc.php authentication and installation-completed checks. The test_mailer action accepts an arbitrary Symfony Mailer DSN from POST data and uses...