Web Application Vulnerabilities Runtime SCA Findings
Looking for the vulnerability index of Invicti's legacy products?
Invicti Enterprise Acunetix Standard & Premium
Chamilo Use of Insufficiently Random Values Vulnerability - CVE-2026-33710 - Vulnerability Database
Chamilo

Chamilo Use of Insufficiently Random Values Vulnerability - CVE-2026-33710

High
Reference: CVE-2026-33710
NVD Link: https://nvd.nist.gov/vuln/detail/CVE-2026-33710
Title: Chamilo Use of Insufficiently Random Values Vulnerability
Overview:

Chamilo LMS is a learning management system. Prior to 1.11.38 and 2.0.0-RC.3 REST API keys are generated using md5(time() (user_id 5) - rand(10000 10000)). The rand(10000 10000) call always returns exactly 10000 (min max) making the formula effectively md5(timestamp user_id5 - 10000). An attacker who knows a username and approximate key creation time can brute-force the API key. This vulnerability is fixed in 1.11.38 and 2.0.0-RC.3.