qa-include/qa-install.php in Question2Answer before 1.7.5 allows remote attackers to create multiple user accounts.