An issue discovered in kodbox up to and including 1.43 allows malicious users to arbitrarily add Administrator accounts via crafted GET request.
kodcloud kodbox