# CVE-2019-19660

#Title: Cross Site Request Forgery in Network Settings
#Vendor: MAXUM Development (https://maxum.com)
#Affected Product: Rumpus FTP Web File Manager
#Tested On: Rumpus FTP Version 8.2.9.1 for Windows

Description: A CSRF vulnerability exists in the Web File Manager's Network Setting functionality of Rumpus FTP Server 8.2.9.1.
By exploiting it, an attacker can manipulate the SMTP setting and other network settings via sending a crafted request to RAPR/NetworkSettingsSet.html.

Impact: An attacker can manipulate the SMTP configuration,File ownership and permission settings after exploiting this vulnerability.