Bandsite portal system version 1.5 lacks authentication validation in its admin.php code when an administrator is added, thus allowing a remote attacker to gain administrative privileges.
5d166e4129b983e42146f8f03a2ab30cec5d84c35a9f1631e971a799a69627ba