njiandan-cms through 2013-05-23 has index.php/admin/user_new CSRF to add an administrator.
CVSS 2.0
Severity: MEDIUM
Problem Type: CWE-352,
Products Affected