CVE-2019-19663: 
Rumpus vulnerability analysis and mitigation

A Cross-Site Request Forgery (CSRF) vulnerability was discovered in the Folder Sets Settings of Web File Manager in Rumpus FTP 8.2.9.1. The vulnerability was disclosed on February 10, 2020. This security flaw affects the Maxum Rumpus FTP Server software, specifically version 8.2.9.1 (NVD, GitHub Advisory).

The vulnerability exists in the Folder Sets Settings component accessible via RAPR/FolderSetsSet.html. The CVSS v3.1 base score is 6.5 (Medium), with the vector string CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N. The vulnerability is classified as CWE-352: Cross-Site Request Forgery (NVD).

The vulnerability allows an attacker to create and delete folders on behalf of authenticated users without their knowledge or consent. When successfully exploited, this can result in unauthorized deletion of specified folders created by administrators or other users (GitHub Advisory).

The vulnerability affects Rumpus FTP version 8.2.9.1. Users should upgrade to a patched version of the software if available. Additionally, implementing CSRF tokens and proper request validation can help prevent such attacks (NVD).