An issue exists in Eventum 3.5.0. CSRF in htdocs/manage/users.php allows creating another user with admin privileges.
eventum project eventum