The vulnerability explicitly affects the /admin/sign/out endpoint. In web frameworks following MVC patterns like Yii (which easyii uses), this would map to an actionOut method in a SignController. CSRF vulnerabilities occur when state-changing operations lack token validation. The public exploit disclosure and GitHub issue #222 confirm this endpoint accepts unauthenticated POST requests without CSRF checks, making actionOut the clear vulnerable function.