CVE-2019-19665
#Title: Manipulation of FTP Configuration via CSRF
#Vendor: MAXUM Development (https://maxum.com)
#Affected Product: Rumpus FTP Web File Manager
#Tested On: Rumpus FTP Version 8.2.9.1 for Windows
#Description: A CSRF vulnerability exists in the FTP Settings of Web File Manager in Rumpus FTP 8.2.9.1. Exploitation of this vulnerability can result in manipulation of the server's FTP settings by sending a crafted request to "RAPR/FTPSettingsSetRAPR/FTPSettingsSet.html".
An attacker can manipulate the following FTP settings:
- Enabling/Disabling FTP
- FTP Port
- Security Settings
- Logs
- Welcome/Goodbye Messages
- Timeouts
#Impact: An attacker can cause the victim user to manipulate the FTP configuration unintentionally.
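
#Mitigation example: One way to block this class of request is to verify the Origin (or, failing that, Referer) header on every request to the settings endpoint and fail closed when it is missing or foreign. This is an added example, not Rumpus or vendor code; the function names, the header dictionaries and the trusted origin are assumptions constructed for illustration.

```python
from urllib.parse import urlsplit

DEFAULT_PORTS = {"http": 80, "https": 443}
SETTINGS_MARKER = "FTPSettingsSet.html"  # endpoint name taken from the advisory


def _origin(url):
    """Return (scheme, host, port) for an absolute http(s) URL, else None."""
    try:
        parts = urlsplit(url)
        port = parts.port  # raises ValueError on a malformed port
    except ValueError:
        return None
    scheme = parts.scheme.lower()
    if scheme not in DEFAULT_PORTS or not parts.hostname:
        return None
    return (scheme, parts.hostname.lower(), port or DEFAULT_PORTS[scheme])


def allow_request(path, headers, trusted_origin):
    """Decide whether a request may reach the FTP settings endpoint.

    path           -- request target, e.g. "/RAPR/FTPSettingsSet.html?x=1"
    headers        -- dict of request headers (hypothetical input shape)
    trusted_origin -- origin administrators use, e.g. "https://files.example.test"
    """
    if SETTINGS_MARKER not in urlsplit(path).path:
        return True  # not the protected endpoint
    trusted = _origin(trusted_origin)
    hdrs = {k.lower(): v for k, v in headers.items()}
    # Prefer Origin; fall back to Referer. Missing, "null" or unparsable
    # values fail closed, since a forged cross-site request cannot set them
    # to the trusted origin from the victim's browser.
    source = hdrs.get("origin") or hdrs.get("referer")
    if source is None or trusted is None:
        return False
    return _origin(source) == trusted
```

Per-session anti-CSRF tokens on the settings form remain the stronger control; an origin check like this is useful where the application itself cannot be changed, for example in a reverse proxy in front of the Web File Manager.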