CVE-2019-13370

index.php/admin/permissions in Ignited CMS through 2017-02-19 allows CSRF to add an administrator.
Source: NIST
CVE-2019-13370