A Cross-Site Request Forgery (CSRF) in admin_manager.php of Seacms up to v12.8 allows malicious users to arbitrarily add an admin account.
seacms seacms