{"api_version":"1","generated_at":"2026-04-25T13:57:41+00:00","cve":"CVE-2019-19669","urls":{"html":"https://cve.report/CVE-2019-19669","api":"https://cve.report/api/cve/CVE-2019-19669.json","docs":"https://cve.report/api","cve_org":"https://www.cve.org/CVERecord?id=CVE-2019-19669","nvd":"https://nvd.nist.gov/vuln/detail/CVE-2019-19669"},"summary":{"title":"CVE-2019-19669","description":"A CSRF vulnerability exists in the Upload Center Forms Component of Web File Manager in Rumpus FTP 8.2.9.1. This could allow an attacker to delete, create, and update the upload forms via RAPR/TriggerServerFunction.html.","state":"PUBLIC","assigner":"cve@mitre.org","published_at":"2020-02-10 18:15:00","updated_at":"2020-02-11 16:13:00"},"problem_types":["CWE-352"],"metrics":[],"references":[{"url":"https://github.com/harshit-shukla/CVE","name":"https://github.com/harshit-shukla/CVE","refsource":"MISC","tags":["Third Party Advisory"],"title":"GitHub - harshit-shukla/CVE: CVE's for Rumpus FTP Server","mime":"text/html","httpstatus":"200","archivestatus":"0"},{"url":"https://github.com/harshit-shukla/CVE/blob/master/CVE-2019-19669.md","name":"https://github.com/harshit-shukla/CVE/blob/master/CVE-2019-19669.md","refsource":"MISC","tags":["Third Party Advisory"],"title":"CVE/CVE-2019-19669.md at master · harshit-shukla/CVE · GitHub","mime":"text/html","httpstatus":"200","archivestatus":"200"},{"url":"https://www.cve.org/CVERecord?id=CVE-2019-19669","name":"CVE Program record","refsource":"CVE.ORG","tags":["canonical"]},{"url":"https://nvd.nist.gov/vuln/detail/CVE-2019-19669","name":"NVD vulnerability detail","refsource":"NVD","tags":["canonical","analysis"]}],"affected":[],"timeline":[],"solutions":[],"workarounds":[],"exploits":[],"credits":[],"nvd_cpes":[{"cve_year":"2019","cve_id":"19669","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"maxum","cpe5":"rumpus_ftp","cpe6":"8.2.9.1","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"windows","cpe12":"*","cpe13":"*"},{"cve_year":"2019","cve_id":"19669","vulnerable":"1","versionEndIncluding":"1","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"maxum","cpe5":"rumpus_ftp","cpe6":"8.2.9.1","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"windows","cpe12":"*","cpe13":"*"}],"vendor_comments":[],"enrichments":{"kev":null,"epss":null,"legacy_qids":[]},"source_records":{"cve_program":{"CVE_data_meta":{"ASSIGNER":"cve@mitre.org","ID":"CVE-2019-19669","STATE":"PUBLIC"},"affects":{"vendor":{"vendor_data":[{"product":{"product_data":[{"product_name":"n/a","version":{"version_data":[{"version_value":"n/a"}]}}]},"vendor_name":"n/a"}]}},"data_format":"MITRE","data_type":"CVE","data_version":"4.0","description":{"description_data":[{"lang":"eng","value":"A CSRF vulnerability exists in the Upload Center Forms Component of Web File Manager in Rumpus FTP 8.2.9.1. This could allow an attacker to delete, create, and update the upload forms via RAPR/TriggerServerFunction.html."}]},"problemtype":{"problemtype_data":[{"description":[{"lang":"eng","value":"n/a"}]}]},"references":{"reference_data":[{"refsource":"MISC","name":"https://github.com/harshit-shukla/CVE","url":"https://github.com/harshit-shukla/CVE"},{"refsource":"MISC","name":"https://github.com/harshit-shukla/CVE/blob/master/CVE-2019-19669.md","url":"https://github.com/harshit-shukla/CVE/blob/master/CVE-2019-19669.md"}]}},"nvd":{"publishedDate":"2020-02-10 18:15:00","lastModifiedDate":"2020-02-11 16:13:00","problem_types":["CWE-352"],"metrics":{"baseMetricV3":{"cvssV3":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"REQUIRED","scope":"UNCHANGED","confidentialityImpact":"NONE","integrityImpact":"HIGH","availabilityImpact":"NONE","baseScore":6.5,"baseSeverity":"MEDIUM"},"exploitabilityScore":2.8,"impactScore":3.6},"baseMetricV2":{"cvssV2":{"version":"2.0","vectorString":"AV:N/AC:M/Au:N/C:N/I:P/A:P","accessVector":"NETWORK","accessComplexity":"MEDIUM","authentication":"NONE","confidentialityImpact":"NONE","integrityImpact":"PARTIAL","availabilityImpact":"PARTIAL","baseScore":5.8},"severity":"MEDIUM","exploitabilityScore":8.6,"impactScore":4.9,"acInsufInfo":false,"obtainAllPrivilege":false,"obtainUserPrivilege":false,"obtainOtherPrivilege":false,"userInteractionRequired":true}},"configurations":{"CVE_data_version":"4.0","nodes":[{"operator":"OR","children":[],"cpe_match":[{"vulnerable":true,"cpe23Uri":"cpe:2.3:a:maxum:rumpus_ftp:8.2.9.1:*:*:*:*:windows:*:*","cpe_name":[]}]}]}},"legacy_mitre":{"record":{"CveYear":"2019","CveId":"19669","Ordinal":"162042","Title":"CVE-2019-19669","CVE":"CVE-2019-19669","Year":"2019"},"notes":[{"CveYear":"2019","CveId":"19669","Ordinal":"1","NoteData":"A CSRF vulnerability exists in the Upload Center Forms Component of Web File Manager in Rumpus FTP 8.2.9.1. This could allow an attacker to delete, create, and update the upload forms via RAPR/TriggerServerFunction.html.","Type":"Description","Title":null},{"CveYear":"2019","CveId":"19669","Ordinal":"2","NoteData":"2020-02-10","Type":"Other","Title":"Published"},{"CveYear":"2019","CveId":"19669","Ordinal":"3","NoteData":"2020-02-10","Type":"Other","Title":"Modified"}]}}}