diff --git a/classes/module/ModuleHandler.class.php b/classes/module/ModuleHandler.class.php
index 16291fefb..56b775604 100644
--- a/classes/module/ModuleHandler.class.php
+++ b/classes/module/ModuleHandler.class.php
@@ -410,8 +410,8 @@ class ModuleHandler extends Handler
 
 		$logged_info = Context::get('logged_info');
 
-		// check CSRF for admin actions
-		if(Context::getRequestMethod() === 'POST' && Context::isInstalled() && !checkCSRF()) {
+		// check CSRF for POST actions
+		if(Context::getRequestMethod() === 'POST' && Context::isInstalled() && $this->act !== 'procFileUpload' && !checkCSRF()) {
 			$this->error = 'msg_invalid_request';
 			$oMessageObject = ModuleHandler::getModuleInstance('message', $display_mode);
 			$oMessageObject->setError(-1);
diff --git a/modules/member/conf/module.xml b/modules/member/conf/module.xml
index e361bcec6..082494a63 100644
--- a/modules/member/conf/module.xml
+++ b/modules/member/conf/module.xml
@@ -62,8 +62,8 @@
 		<action name="procMemberSaveDocument" type="controller" standalone="true" />
 		<action name="procMemberDeleteSavedDocument" type="controller" standalone="true" />
 
-		<action name="procMemberFindAccount" type="controller" ruleset="findAccount" standalone="true" />
-		<action name="procMemberFindAccountByQuestion" type="controller" standalone="true" />
+		<action name="procMemberFindAccount" type="controller" method="GET|POST" ruleset="findAccount" standalone="true" />
+		<action name="procMemberFindAccountByQuestion" type="controller" method="GET|POST" standalone="true" />
 		<action name="procMemberAuthAccount" type="controller" method="GET|POST" standalone="true" />
 		<action name="procMemberAuthEmailAddress" type="controller" method="GET|POST" standalone="true" />
 		<action name="procMemberResendAuthMail" type="controller" ruleset="resendAuthMail" standalone="true" />