In waimai Super Cms 20150505, there is a CSRF vulnerability that can add an admin account via admin.php?m=Member&a=adminadd.Referenceshttps://github.com/caokang/waimai/issues/2
