CVE-2026-33710 Chamilo — Exploit & Vulnerability Details HIGH

Parameter	Value
CVSS	7.5 (HIGH)
Affected Versions	before 1.11.38
Fixed In	1.11.38
Type	CWE-330
Vendor	Chamilo
Public PoC	No

Chamilo LMS is a learning management system. Prior to 1.11.38 and 2.0.0-RC.3, REST API keys are generated using md5(time() + (user_id * 5) - rand(10000, 10000)). The rand(10000, 10000) call always returns exactly 10000 (min == max), making the formula effectively md5(timestamp + user_id*5 - 10000).

An attacker who knows a username and approximate key creation time can brute-force the API key. This vulnerability is fixed in 1.11.38 and 2.0.0-RC.3.

Attack Parameters

Attack Vector

Network

Can be exploited remotely

Attack Complexity

Low

Easy to exploit

Privileges Required

None

No privileges needed

User Interaction

None

No user interaction needed

Impact Assessment

Confidentiality

High

Complete data leak

Integrity

None

No data modification

Availability

None

No disruption

CVSS Vector v3.1

Weakness Type (CWE)

CWE-330

Vulnerable Products 11

Configuration	From (including)	Up to (excluding)
Chamilo Chamilo_Lms cpe:2.3:a:chamilo:chamilo_lms::::::::	—	`1.11.38`
Chamilo Chamilo_Lms cpe:2.3:a:chamilo:chamilo_lms:2.0.0:alpha1::::::	—	—
Chamilo Chamilo_Lms cpe:2.3:a:chamilo:chamilo_lms:2.0.0:alpha2::::::	—	—
Chamilo Chamilo_Lms cpe:2.3:a:chamilo:chamilo_lms:2.0.0:alpha3::::::	—	—
Chamilo Chamilo_Lms cpe:2.3:a:chamilo:chamilo_lms:2.0.0:alpha4::::::	—	—
Chamilo Chamilo_Lms cpe:2.3:a:chamilo:chamilo_lms:2.0.0:alpha5::::::	—	—
Chamilo Chamilo_Lms cpe:2.3:a:chamilo:chamilo_lms:2.0.0:beta1::::::	—	—
Chamilo Chamilo_Lms cpe:2.3:a:chamilo:chamilo_lms:2.0.0:beta2::::::	—	—
Chamilo Chamilo_Lms cpe:2.3:a:chamilo:chamilo_lms:2.0.0:beta3::::::	—	—
Chamilo Chamilo_Lms cpe:2.3:a:chamilo:chamilo_lms:2.0.0:rc1::::::	—	—
Chamilo Chamilo_Lms cpe:2.3:a:chamilo:chamilo_lms:2.0.0:rc2::::::	—	—