CVE-2019-19668

MEDIUM

Rumpus FTP 8.2.9.1 - Cross-Site Request Forgery in File Types Component

Title source: llm

Description

A CSRF vulnerability exists in the File Types component of Web File Manager in Rumpus FTP 8.2.9.1 that allows an attacker to add or delete the file types that are used on the server via RAPR/TriggerServerFunction.html.

References (2)

Core 2

Core References

Third Party Advisory x_refsource_misc

https://github.com/harshit-shukla/CVE

View Writeup ZIP pw:eip

Third Party Advisory x_refsource_misc

https://github.com/harshit-shukla/CVE/blob/master/CVE-2019-19668.md

View Writeup ZIP pw:eip

Scores

CVSS v3 4.3

EPSS 0.0038

EPSS Percentile 29.6%

Attack Vector NETWORK

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N

Details

CWE

CWE-352

Status published

Products (1)

maxum/rumpus_ftp 8.2.9.1

Published Feb 10, 2020

Tracked Since Feb 18, 2026