diff --git a/include/upgrader/prereq.inc.php b/include/upgrader/prereq.inc.php
index 814c76fff32403b227efbf26bcf490f757dc8d83..d32fc328fbe3dd51759ddbaee6f58ac25d862aa2 100644
--- a/include/upgrader/prereq.inc.php
+++ b/include/upgrader/prereq.inc.php
@@ -27,6 +27,7 @@ if(!defined('OSTSCPINC') || !$thisstaff || !$thisstaff->isAdmin()) die('Access D
</ul>
<div id="bar">
<form method="post" action="upgrade.php" id="prereq">
+ <?php csrf_token(); ?>
<input type="hidden" name="s" value="prereq">
<input class="btn" type="submit" name="submit" value="Start Upgrade Now »">
</form>
diff --git a/include/upgrader/rename.inc.php b/include/upgrader/rename.inc.php
index 6d449567f247902466e73878d752949b97f52c0c..0b649bfa0a3dc1902e0aad168573719eab905bde 100644
--- a/include/upgrader/rename.inc.php
+++ b/include/upgrader/rename.inc.php
@@ -18,6 +18,7 @@ if(!defined('OSTSCPINC') || !$thisstaff || !$thisstaff->isAdmin()) die('Access D
<p>Please refer to the <a target="_blank" href="http://osticket.com/wiki/Upgrade_and_Migration">Upgrade Guide</a> for more information.</p>
<div id="bar">
<form method="post" action="upgrade.php">
+ <?php csrf_token(); ?>
<input type="hidden" name="s" value="prereq">
<input class="btn" type="submit" name="submit" value="Continue »">
</form>
diff --git a/include/upgrader/upgrade.inc.php b/include/upgrader/upgrade.inc.php
index 9e95af3ff030e87d3f1af20881f44b842fc7c769..7c8a8aae47e692d9337a51c46a46f2114c4a2848 100644
--- a/include/upgrader/upgrade.inc.php
+++ b/include/upgrader/upgrade.inc.php
@@ -18,6 +18,7 @@ $action=$upgrader->getNextAction();
</ul>
<div id="bar">
<form method="post" action="upgrade.php" id="upgrade">
+ <?php csrf_token(); ?>
<input type="hidden" name="s" value="upgrade">
<input type="hidden" name="sh" value="<?php echo $upgrader->getSchemaSignature(); ?>">
<input class="btn" type="submit" name="submit" value="Do It Now!">