Cross Site Request Forgery (CSRF) in Rukovoditel v2.8.3 allows malicious users to create an admin user with an arbitrary credentials.