An attacker can force the user to submit data of the attacker’s choice. In short, the attacker can make changes and post data on behalf of the user.
What can happen?
The impact depends on the kind of input that is vulnerable against CSRF. A common example is to change settings, e.g. disabling authorisation, changing passwords or emails, etc.
When the vulnerable field s the login field, this vulnerability is called Login CSRF. Our article explaining Login CSRF covers some additional examples.
Code example and remediation
See our article about Login CSRF for code example and remediation: http://support.detectify.com/customer/portal/articles/1969819-login-csrf