A CSRF vulnerability exists in the Web File Manager's Edit Accounts functionality of Rumpus FTP Server 8.2.9.1. By exploiting it, an attacker can take over a user account by changing the password, update users' details, and escalate privileges via RAPR/DefineUsersSet.html.
References
Link | Resource |
---|---|
https://github.com/harshit-shukla/CVE | Third Party Advisory |
https://github.com/harshit-shukla/CVE/blob/master/CVE-2019-19659.md | Third Party Advisory |
Configurations
History
No history.
Information
Published : 2020-02-10 16:15
Updated : 2024-02-04 20:39
NVD link : CVE-2019-19659
Mitre link : CVE-2019-19659
CVE.ORG link : CVE-2019-19659
JSON object : View
Products Affected
maxum
- rumpus
CWE
CWE-352
Cross-Site Request Forgery (CSRF)