An incorrect access control issue at /admin/run_ajax.php in zbzcms v1.0 allows attackers to arbitrarily add administrator accounts.Referenceshttps://github.com/wu610777031/My_CMSHunter/blob/main/zbzcms%20v1.0%20vulnerabilities.pdf
