Welcome
Are you asking about the token-manipulation exploit, or are you looking at a security audit for a Pico CMS server deployment? [OSCP Practice Series 14] Proving Grounds — PlanetExpress
Version names like "3.0.0-alpha.2" indicate that the software is in an alpha stage pico 300alpha2 exploit link
One of the primary attack vectors for embedded devices is modifying the firmware. Are you asking about the token-manipulation exploit, or