A Cross-Site Request Forgery (CSRF) in the Administrator List of MetInfo v7.7 allows malicious users to arbitrarily add Super Administrator account.
metinfo metinfo 7.7