A Cross-Site Request Forgery (CSRF) in GilaCMS v1.11.4 allows authenticated malicious users to arbitrarily add administrator accounts.
gilacms gila cms 1.11.4