An issue exists in jizhicms v2.3.1. There is a CSRF vulnerability that can add a admin.
jizhicms jizhicms 2.3.1