Creative Guestbook 1.0 allows remote attackers to add an administrative account via a direct request to createadmin.php with Name, Email, and PASSWORD parameters set.Referenceshttp://secunia.com/advisories/24536http://osvdb.org/34234https://exchange.xforce.ibmcloud.com/vulnerabilities/33014https://www.exploit-db.com/exploits/3489
