CVE-2024-22202: 
PHP vulnerability analysis and mitigation

CVE-2024-22202 affects phpMyFAQ, an open source FAQ web application for PHP 8.1+ and MySQL/PostgreSQL databases. The vulnerability was discovered and disclosed on February 5, 2024, and has been patched in version 3.2.5. The issue allows attackers to spoof user details on the user removal page, potentially leading to unauthorized account deletions (GitHub Advisory).

The vulnerability exists in phpMyFAQ's user removal page where an attacker can bypass frontend restrictions by intercepting and modifying form requests through a proxy. While the frontend interface prevents modification of form details, the backend lacks proper validation of user identity. The vulnerability has been assigned a CVSS v3.1 base score of 6.5 (MEDIUM) with vector string CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N by NIST, and 5.7 (MEDIUM) with vector string CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:N/A:H by GitHub (NVD).

When exploited, the vulnerability allows attackers to submit account deletion requests impersonating other users. Administrators receive these spoofed deletion requests with no way to distinguish between legitimate requests and malicious ones. This can lead to unauthorized account deletions and potential service disruption for legitimate users (GitHub Advisory).

The vulnerability has been fixed in phpMyFAQ version 3.2.5 through the addition of proper user validation checks. The patch implements verification of user ID, username, and email to ensure the request comes from the legitimate account owner (GitHub Patch).