Cross-Site Request Forgery (CSRF) is a vulnerability that allows a malicious user to make actions in an application, using the information stored in other applications. For example, imagine the scenario where you are logged in to different applications using just one network, which is a social network. If you send a request to the other sites, they will apply changes or actions, because they are using the information you have provided to the central application.
So, a malicious user can exploit an application by creating a fake form or fake URL to perform an action in that application. This forces the user to execute the application without his knowledge. For example, look at this HTML code, which has a hidden link into an <img> tag:
<img src="https://www.company.example/action" width="0" height="0">
In the beginning...