Advisory: 2019-09 CSRF Prevention with Admin Portal login

FileCloud already has cross site request forgery (CSRF) prevention measures. However, if an administrator is logged into the Admin portal and is also logged into the user portal, and then if the administrator clicks on a malicious link sent by an attacker, the CSRF measures are ignored. 

Solution

This has been fixed in FileCloud versions 19.2.0.4950 and later. 

If you are using FileCloud on premise installation, please update to the latest version.

If you are using FileCloud online, your site has already been updated to the latest version.