An issue exists in PRiSE adAS 1.7.0. Forms have no CSRF protection, letting an attacker execute actions as the administrator.
prise adas 1.7.0