CSRF in admin/reply-ticket.php in Chadha PHPKB Standard Multi-Language 9 allows malicious users to reply to any ticket, given the id, via a crafted request.
chadhaajay phpkb 9.0