Moodle is vulnerable to cross-site request forgery (CSRF) attacks. The attacks exist because the checking of session keys is not done in markposts.php
, allowing an attacker to hijack an authentication of user for requests that marks forum posts as read.