An issue exists in WUZHI CMS 4.1.0. There is a CSRF vulnerability that can add an admin account via index.php?m=core&f=power&v=add.
wuzhicms wuzhicms 4.1.0