CVE-2019-19662 in FTP Server
Summary
by MITRE
A CSRF vulnerability exists in the Web File Manager's Create/Delete Accounts functionality of Rumpus FTP Server 8.2.9.1. By exploiting it, an attacker can create and delete accounts via RAPR/TriggerServerFunction.html.
Analysis
by VulDB Data Team • 05/11/2025
CVE-2019-19662 is a cross-site request forgery (CSRF) flaw in the web interface of Rumpus FTP Server 8.2.9.1. It affects the Web File Manager's account management functions: the RAPR/TriggerServerFunction.html endpoint executes server-side functions, including account creation and deletion, on the strength of the caller's session alone. Because the account creation and deletion workflows carry no anti-CSRF token and perform no check on where the request originated, a remote attacker can craft a request that the server cannot distinguish from one the logged-in user intended to send.
Exploitation follows the standard CSRF pattern. The attacker hosts a page that submits a request to the TriggerServerFunction.html endpoint, for example through an automatically submitted HTML form, and lures a user who is logged in to the Rumpus web interface into loading it. The victim's browser attaches the session cookie to that cross-site request just as it would to a legitimate one, so the server performs the account creation or deletion under the victim's identity. Note that this does not bypass authentication: the victim is already authenticated, and the flaw is that the server accepts an authenticated request without verifying that the user actually initiated it. The weakness is catalogued as CWE-352, Cross-Site Request Forgery, which covers exactly this failure to validate that a state-changing request originated from the application's own pages.
The impact goes beyond a single changed account, because the affected functions control the FTP server's user base. An attacker could delete legitimate accounts to disrupt file transfer service, or create attacker-controlled accounts to obtain persistent access to the files the server hosts. Both the integrity and the availability of the service are therefore at risk, and unauthorized access to, modification of, or deletion of transferred data becomes possible through the newly created accounts. Organizations that rely on Rumpus FTP Server for file sharing should treat this as a potential path to data exposure and service disruption. The attack needs no special tooling and succeeds through ordinary browser behaviour, which keeps the bar for an attacker low; the main prerequisite is that an administrator with rights to manage accounts visits attacker-controlled content while logged in.
Mitigation should centre on proper anti-CSRF protection in the web interface. The standard control is a synchronizer token: an unpredictable per-session value that the server embeds in its own forms and verifies, using a constant-time comparison, before any account-modifying function runs. Validating the Origin (or, failing that, Referer) header against the expected host and issuing the session cookie with the SameSite attribute are complementary controls that stop the browser from attaching the session to cross-site requests in the first place. Multi-factor authentication at login does not by itself prevent CSRF, since the victim is already logged in when the forged request arrives; requiring re-authentication or a fresh confirmation step for account administration does help. Web application firewalls and access control lists that limit who can reach the management interface add defense in depth but should not be relied on as the primary fix. The actual remediation is to update Rumpus FTP Server to a vendor release that addresses this issue, and to review other web-based management interfaces for the same class of weakness, following the guidance on CSRF in the OWASP Top Ten and the OWASP Cross-Site Request Forgery Prevention Cheat Sheet.