phpMyFAQ/phpMyFAQ is vulnerable to cross-site request forgery (CSRF). The vulnerability exists because user.php does not properly check the CSRF token, allowing an attacker to delete any active user, remove open questions, manipulate FAQ and FAQ news, add votes, and add or delete glossary entries and comments.