Pet Grooming Management System 2.0 allows remote attackers to gain privileges via a direct request to useradded.php with a modified user name for "admin."
https://www.exploit-db.com/exploits/5627
https://exchange.xforce.ibmcloud.com/vulnerabilities/42466