Cross Site Request Forgery (CSRF)

phpMyFAQ/phpMyFAQ is vulnerable to cross-site request forgery (CSRF). The vulnerability exists because it does not check CSRF token properly in user.php, allowing the attacker to delete any active user, to remove open questions, to manipulate FAQ and FAQ news, to add votes and to add or delete glossary and comments.