FileCloud already has cross site request forgery (CSRF) prevention measures. However, if an administrator is logged into the Admin portal and is also logged into the user portal, and then if the administrator clicks on a malicious link sent by an attacker, the CSRF measures are ignored.
This has been fixed in FileCloud versions 18.104.22.16850 and later.
If you are using FileCloud on premise installation, please update to the latest version.
If you are using FileCloud online, your site has already been updated to the latest version.