Rumpus Security Vulnerabilities and Issues — Rumpus CVE List

Lucene search

MaxumRumpus

5 matches found

CVE•added 2020/02/10 4:15 p.m.•41 views

CVE-2019-19659

A CSRF vulnerability exists in the Web File Manager's Edit Accounts functionality of Rumpus FTP Server 8.2.9.1. By exploiting it, an attacker can take over a user account by changing the password, update users' details, and escalate privileges via RAPR/DefineUsersSet.html.

8.8CVSS8.7AI score0.00177EPSS

CVE•added 2021/03/08 9:15 p.m.•34 views

CVE-2020-27574

Maxum Rumpus 8.2.13 and 8.2.14 is affected by cross-site request forgery (CSRF). If an authenticated user visits a malicious page, unintended actions could be performed in the web application as the authenticated user.

8.8CVSS8.5AI score0.00202EPSS

CVE•added 2023/01/12 4:15 p.m.•33 views

CVE-2022-46368

Rumpus - FTP server version 9.0.7.1 Cross-site request forgery (CSRF) – vulnerability may allow unauthorized action on behalf of authenticated users.

8.8CVSS7.8AI score0.00053EPSS

CVE•added 2023/01/12 4:15 p.m.•32 views

CVE-2022-46367

Rumpus - FTP server Cross-site request forgery (CSRF) – Privilege escalation vulnerability that may allow privilege escalation.

8.8CVSS8.1AI score0.00047EPSS

CVE•added 2021/03/08 10:15 p.m.•30 views

CVE-2020-27575

Maxum Rumpus 8.2.13 and 8.2.14 is affected by a command injection vulnerability. The web administration contains functionality in which administrators are able to manage users. The edit users form contains a parameter vulnerable to command injection due to insufficient validation.

8.8CVSS8.8AI score0.07934EPSS