CVE-2019-19854
CVE-2019-19854 affects Serpico (SimplE RePort wrIting and CollaboratiOn tool) 1.3.0. The issue is CSRF protection failure: the app does not use CSRF tokens and relies on the Origin header to validate requests. This weakness is stated to enable privilege escalation from User to Administrator when ...