njiandan-cms through 2013-05-23 has index.php/admin/user_new CSRF to add an administrator.