## CVE-2026-1745 - Cross-Site Request Forgery (CSRF) - Arbitrary Medical Certificate Deletion

### Product Information

- **Product Name**: SourceCodester Medical Certificate Generator Application
- **Vendor**: SourceCodester
- **Product URL**: [SourceCodester](https://www.sourcecodester.com/php/16105/medical-certificate-generator-app-using-php-and-mysql-free-download.html)

### Vulnerability Overview

The SourceCodester Medical Certificate Generator Application is vulnerable to Cross-Site Request Forgery (CSRF), allowing attackers to delete medical certificate records arbitrarily by tricking authenticated users into submitting malicious requests.

The affected endpoint processes state-changing POST requests without any anti-CSRF protection mechanism, such as unique CSRF tokens, strict Origin or Referer validation, or SameSite cookie restrictions. The application relies solely on session cookies for request authorization, making it susceptible to CSRF attacks.

### Proof of Concept (CSRF Exploitation)

An attacker can host the following malicious HTML page and trick a logged-in victim into accessing it.

```html
<script>
history.pushState('', '', './');
document.forms[0].submit();
</script>
```

### Reproduction Steps

1. Log in to the application with a valid user account
2. Keep the session active
3. Open the CSRF HTML file in the browser
4. Click "Submit request"

The medical record with the specified ID is deleted.
### Impact

- Arbitrary deletion of medical certificates
- Loss of sensitive medical records
- Compromised application data integrity
- Potential for abuse via phishing or malicious links

### Root Cause

- Absence of CSRF tokens
- Lack of server-side CSRF validation
- Complete reliance on session cookie authorization
- No SameSite cookie enforcement

### Recommended Remediation

- Implement CSRF tokens for all state-changing requests
- Validate CSRF tokens on the server side
- Enforce strict Origin and Referer checks

### Discoverer

Mo Asim (also known as Asim Qazi) - Student | Security Researcher
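The remediation list above maps directly onto a few lines of PHP. The following is an added example written for this advisory, not code from the SourceCodester project, showing a delete endpoint protected by a per-session synchronizer token, a constant-time server-side check, an Origin/Referer host check, and SameSite session cookies. The `APP_HOST` constant, the `id` parameter name and the `deleteCertificate()` helper are assumptions for illustration.

```php
<?php
// Added example (not the SourceCodester project's code): CSRF guard for a
// state-changing PHP endpoint. APP_HOST, the 'id' parameter and
// deleteCertificate() are hypothetical placeholders.
declare(strict_types=1);

// Placeholder for the application's own hostname. Compare Origin/Referer
// against a configured value, not $_SERVER['HTTP_HOST'], which the client
// controls.
const APP_HOST = 'app.example.invalid';

// 1. SameSite=Lax keeps the session cookie off cross-site POSTs, which is
//    exactly the request the PoC page relies on. Secure/HttpOnly are standard.
session_set_cookie_params([
    'lifetime' => 0,
    'path'     => '/',
    'secure'   => true,
    'httponly' => true,
    'samesite' => 'Lax',
]);
session_start();

// 2. Token generation: one unguessable token per session, kept server-side
//    and embedded in every state-changing form.
function csrfToken(): string
{
    if (empty($_SESSION['csrf_token'])) {
        $_SESSION['csrf_token'] = bin2hex(random_bytes(32));
    }
    return $_SESSION['csrf_token'];
}

// 3. Server-side validation with a constant-time comparison.
function csrfTokenIsValid(?string $submitted): bool
{
    return is_string($submitted)
        && isset($_SESSION['csrf_token'])
        && hash_equals($_SESSION['csrf_token'], $submitted);
}

// 4. Origin/Referer check: fail closed when neither header is present and
//    reject any host other than our own.
function requestIsSameOrigin(string $expectedHost): bool
{
    $source = $_SERVER['HTTP_ORIGIN'] ?? $_SERVER['HTTP_REFERER'] ?? null;
    if (!is_string($source)) {
        return false;
    }
    $host = parse_url($source, PHP_URL_HOST);
    return is_string($host) && strcasecmp($host, $expectedHost) === 0;
}

// Hypothetical persistence helper; the project's real delete logic is not
// reproduced here.
function deleteCertificate(int $id): void
{
    // database delete by primary key would go here
}

if ($_SERVER['REQUEST_METHOD'] === 'POST') {
    // Vulnerable pattern for contrast: deleting as soon as the session cookie
    // is present, with no further check. Both checks below must pass instead.
    if (!requestIsSameOrigin(APP_HOST)
        || !csrfTokenIsValid($_POST['csrf_token'] ?? null)) {
        http_response_code(403);
        exit('Rejected: invalid CSRF token or request origin');
    }
    $id = filter_input(INPUT_POST, 'id', FILTER_VALIDATE_INT);
    if ($id === false || $id === null) {
        http_response_code(400);
        exit('Invalid id');
    }
    deleteCertificate($id);
    exit('Deleted');
}
?>
<!-- The token rides along in a hidden field; a third-party page cannot read
     the victim's session to obtain it, so a forged form fails validation. -->
<form method="POST" action="">
  <input type="hidden" name="csrf_token"
         value="<?= htmlspecialchars(csrfToken(), ENT_QUOTES) ?>">
  <input type="hidden" name="id" value="1">
  <button type="submit">Delete certificate</button>
</form>
```

The token check alone closes the reported issue; the Origin/Referer check and `SameSite=Lax` are defence in depth, so a missing header or an older browser does not silently reopen the hole. Using `hash_equals()` rather than `==` avoids both timing leaks and PHP's loose comparison surprises.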