CVE-2019-19659 in FTP Server

Summary

by MITRE

A CSRF vulnerability exists in the Web File Manager's Edit Accounts functionality of Rumpus FTP Server 8.2.9.1. By exploiting it, an attacker can take over a user account by changing the password, update users' details, and escalate privileges via RAPR/DefineUsersSet.html.


Analysis

by VulDB Data Team • 05/11/2025

CVE-2019-19659 is a critical cross-site request forgery flaw in the web interface of Rumpus FTP Server version 8.2.9.1, specifically in the Web File Manager's Edit Accounts functionality, and it poses a significant risk to organizations that rely on this file transfer product. The flaw exists because the affected web components, in particular those that process account-management requests, have no anti-CSRF mechanism.

Because the application does not use anti-CSRF tokens or any comparable check, the server accepts state-changing requests without verifying that they originate from the user's own interaction with the application. A user who is authenticated to the Rumpus web interface and who visits a malicious web page or follows a crafted link therefore causes the server to process a request the user never intended; to the server, that forged request is indistinguishable from a legitimate one. The affected endpoint is RAPR/DefineUsersSet.html, which handles user account modifications and privilege changes.

The impact goes beyond simple account takeover, since it gives an attacker comprehensive control over user accounts in the Rumpus FTP Server environment. Successful exploitation lets an attacker change user passwords, modify account details and potentially escalate privileges to administrative level. This undermines the server's authentication and authorization mechanisms, allowing unauthorized individuals to gain persistent access to sensitive file systems and potentially to compromise the wider network. Every user authenticated to the web interface is exposed, which makes the flaw particularly dangerous in environments where many users share access to critical file repositories.

Security professionals should note that this vulnerability aligns with CWE-352, which covers Cross-Site Request Forgery weaknesses in web applications. The flaw also maps to ATT&CK technique T1078.004, which covers valid accounts with compromised credentials, since the vulnerability enables unauthorized access to legitimate user accounts through session manipulation. Organizations should implement immediate mitigations: deploy a web application firewall able to detect and block CSRF attacks, add anti-CSRF tokens to all user management functions, and enforce multi-factor authentication for privileged accounts. Administrators should additionally disable web management interfaces that are not needed, apply the latest vendor patches, and assess all web-based administrative interfaces for similar weaknesses in other components of the file transfer infrastructure.
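The missing control described above, as an added illustration that is neither Rumpus code nor part of this advisory: a hypothetical account-update handler that acts on the session cookie alone, beside a hardened version that requires a per-session synchronizer token and a matching Origin (or Referer) header before applying any change. The endpoint path comes from the advisory; the request model, site origin and user store are constructed for the example.

```python
import hmac
import secrets
from urllib.parse import urlsplit

# Constructed, minimal request model standing in for an HTTP request to an
# account-management endpoint such as RAPR/DefineUsersSet.html.
class Request:
    def __init__(self, method, path, headers, form, session_id):
        self.method, self.path, self.form = method, path, form
        self.headers = {k.lower(): v for k, v in headers.items()}
        self.session_id = session_id  # identity carried by the session cookie

SERVER_SECRET = secrets.token_bytes(32)             # per-process secret
SITE_ORIGIN = "https://ftp.example.internal"        # constructed value

def issue_csrf_token(session_id: str) -> str:
    # Synchronizer token bound to the session via HMAC: embed it in the form,
    # and a token issued to one session is useless in another.
    return hmac.new(SERVER_SECRET, session_id.encode(), "sha256").hexdigest()

def csrf_check(req: Request):
    """Return None if the request is acceptable, else the rejection reason."""
    # 1. The form must carry the token the server issued for this session.
    supplied = req.form.get("csrf_token", "").encode()
    if not hmac.compare_digest(supplied, issue_csrf_token(req.session_id).encode()):
        return "csrf token missing or invalid"
    # 2. Browsers attach Origin (or Referer) to cross-site form posts; a value
    #    that is absent or points elsewhere marks a request we did not render.
    source = req.headers.get("origin") or req.headers.get("referer")
    if source is None:
        return "origin header missing"
    parts = urlsplit(source)
    if f"{parts.scheme}://{parts.netloc}" != SITE_ORIGIN:
        return "cross-site request rejected"
    return None

def _apply(req: Request, users: dict):
    user = users.get(req.form.get("user"))
    if user is None:
        return 404, "no such user"
    if "password" in req.form:
        user["password"] = req.form["password"]
    if "admin" in req.form:
        user["admin"] = req.form["admin"] == "1"
    return 200, "updated"

def define_users_set_vulnerable(req: Request, users: dict):
    # Applies the change on the strength of the session cookie alone,
    # the behaviour CVE-2019-19659 describes.
    return _apply(req, users)

def define_users_set_hardened(req: Request, users: dict):
    reason = csrf_check(req)
    return (403, reason) if reason else _apply(req, users)
```

The token check and the origin check are independent layers; the hardened handler refuses the request if either fails, so a leaked token alone or a same-origin header alone is not sufficient.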

Reservation

12/09/2019

Moderation

accepted

CPE

ready

EPSS

0.00490

KEV

no

Activities

very low
