#Title: Manipulating Event Notices via CSRF #Vendor: MAXUM Development (https://maxum.com) #Affected Product: Rumpus FTP Web File Manager #Tested On: Rumpus FTP Version 8.2.9.1 for Windows
#Description: A CSRF vulnerability exists in the Event Notices Settings of Web File Manager in Rumpus FTP 8.2.9.1. An attacker can create/update event notices by sending a crafted request to "RAPR/EventNoticesSet.html"
Impact: An attacker can cause the victim user to Create/Update Event notices for Email, Batch Scripts and Data File unintentionally.