74CMS v5.0.1 has a CSRF vulnerability to add a new admin user via the index.php?m=Admin&c=admin&a=add URI.
https://www.exploit-db.com/exploits/46738/
http://www.iwantacve.cn/index.php/archives/203/
http://packetstormsecurity.com/files/152603/74CMS-5.0.1-Cross-Site-Request-Forgery.html