In RPCMS v1.8 and below, attackers can interact with API and change variable "role" to "admin" to achieve admin user registration.
rpcms rpcms