CVE-2019-15128 – iF.SVNAdmin through 1.6.2 allows svnadmin/usercreate.php CSRF to create a user.

iF.SVNAdmin is Web-based GUI to manage Subversion repositories and User/Group permissions with LDAP support. This management interface is vulnerable to CSRF on the User Creation function, leading to arbitrary SVN repository user creation, with subsequent access to underlying repository code.

Proof of Concept example: