CVE-2019-19663
#Title: Deleting Folders via CSRF #Vendor: MAXUM Development (https://maxum.com) #Affected Product: Rumpus FTP Web File Manager #Tested On: Rumpus FTP Version 8.2.9.1 for Windows
#Description: A CSRF vulnerability exists in the Folder Sets Settings of Web File Manager in Rumpus FTP 8.2.9.1. This allows an attacker to Create/Delete Folders of the authenticated users by sending a crafted request to "RAPR/FolderSetsSet.html"
Impact: An attacker can cause the victim user to carry out the create/delete folder functionality unintentionally and that will result in deletion of specified folders created by the admin or any user.