CSRF in admin/ajax-hub.php in Chadha PHPKB Standard Multi-Language 9 allows malicious users to post a comment on any article via a crafted request.
chadhaajay phpkb 9.0