CVE-2019-19667
#Title: Controlling Allow/Block List via CSRF #Vendor: MAXUM Development (https://maxum.com) #Affected Product: Rumpus FTP Web File Manager #Tested On: Rumpus FTP Version 8.2.9.1 for Windows
#Description: A CSRF vulnerability exists in the Block Clients component of Web File Manager in Rumpus FTP 8.2.9.1 that could allow an attacker to whitelist or block any IP address by sending a crafted request to "RAPR/BlockedClients.html"
Impact: An attacker can cause the victim user to whitelist or block any IP unintentionally.