## Critical Vulnerability Information

### Vulnerability Overview

- **CVE ID**: CVE-2026-1745
- **Vulnerability Type**: Cross-Site Request Forgery (CSRF)
- **Impact**: Arbitrary medical certificate deletion

### Product Information

- **Product Name**: SourceCodester Medical Certificate Generator App
- **Vendor**: SourceCodester
- **Product URL**: [Link](https://www.sourcecodester.com/php/16105/medical-certificate-generator-app-using-php-and-mysql-free-download.html)

### Vulnerability Description

The application's delete function accepts state-changing requests that carry nothing beyond the victim's session cookie: there is no anti-CSRF token and no server-side check of the request's origin. An attacker who lures an authenticated user to a page they control can therefore have the victim's browser issue a delete request for any medical certificate record of the attacker's choosing.

### Proof of Concept (PoC)

An attacker hosts a page containing a form that targets the delete endpoint with the victim ID pre-filled, then tricks a logged-in user into visiting it. The published PoC fragment is the auto-submit script; the form element it submits is not included in the published PoC:

```html
<!-- The form element targeting the delete endpoint precedes this script in the PoC page -->
<script>
  history.pushState('', '', '/');   // hide the attacker URL from the address bar
  document.forms[0].submit();       // submit the pre-filled delete form with the victim's session cookie
</script>
```

### Reproduction Steps

1. Log in to the application with a valid user account.
2. Keep the session active.
3. Open the CSRF PoC HTML file in the same browser.
4. Click "Submit request" (or let the script above submit the form automatically).
5. The medical certificate record with the specified ID is deleted.

### Impact

- Arbitrary deletion of medical certificates
- Loss of sensitive medical records
- Compromised application data integrity
- Potential for abuse via phishing or malicious links

### Root Cause

- No CSRF token is generated or embedded in state-changing forms
- No server-side validation of a CSRF token
- Requests are authenticated solely by the session cookie, which the browser attaches to cross-site requests as well
- The `SameSite` attribute is not set on the session cookie

### Recommended Mitigation

- Issue a per-session CSRF token and embed it in every state-changing form
- Validate the token on the server side for every state-changing request, rejecting requests that lack it or carry a mismatched value
- Enforce strict `Origin` and `Referer` validation as a second layer
- Set `SameSite=Strict` (or at least `Lax`) on the session cookie, together with `HttpOnly` and `Secure`

### Discoverer

Mo Asim (also known as Asim Qazi), Student | Security Researcher

- GitHub: [Link](https://github.com/Asim-Qazi)
- LinkedIn: [Link](https://www.linkedin.com/in/masimqazi)
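The following is an added example of how the root causes above would be closed in a PHP/MySQL application of this kind. It is not code from the SourceCodester project or from the advisory's author: the helper names (`csrf_token`, `csrf_field`, `csrf_verify`, `same_origin`), the `delete_id` parameter and the `certificates` table are placeholders chosen for illustration, not the application's real endpoint or schema.

```php
<?php
// Hypothetical hardening for a PHP delete handler: session-cookie attributes,
// a per-session CSRF token, constant-time verification, and an Origin/Referer
// check. All names below are illustrative, not the application's own.
declare(strict_types=1);

// 1. Harden the session cookie before session_start() and before any output.
//    SameSite=Strict stops the browser from attaching the cookie to a
//    cross-site POST such as the one the PoC page submits.
session_set_cookie_params([
    'lifetime' => 0,
    'path'     => '/',
    'secure'   => true,
    'httponly' => true,
    'samesite' => 'Strict',
]);
session_start();

// 2. One random token per session, embedded in every state-changing form.
function csrf_token(): string
{
    if (empty($_SESSION['csrf_token'])) {
        $_SESSION['csrf_token'] = bin2hex(random_bytes(32)); // 256 bits of CSPRNG output
    }
    return $_SESSION['csrf_token'];
}

function csrf_field(): string
{
    return '<input type="hidden" name="csrf_token" value="'
        . htmlspecialchars(csrf_token(), ENT_QUOTES, 'UTF-8') . '">';
}

// 3. Verify the submitted token in constant time. A missing, non-string or
//    mismatched token means the request did not originate from a page we rendered.
function csrf_verify(array $post): bool
{
    if (empty($_SESSION['csrf_token']) || !isset($post['csrf_token']) || !is_string($post['csrf_token'])) {
        return false;
    }
    return hash_equals($_SESSION['csrf_token'], $post['csrf_token']);
}

// 4. Defence in depth: the Origin header (or Referer, when Origin is absent)
//    must name our own host. A request with neither header is treated as cross-site.
function same_origin(array $server, string $expected_host): bool
{
    $source = $server['HTTP_ORIGIN'] ?? $server['HTTP_REFERER'] ?? null;
    if ($source === null) {
        return false;
    }
    $host = parse_url($source, PHP_URL_HOST);
    return is_string($host) && strcasecmp($host, $expected_host) === 0;
}

// Hardened delete handler. Deletion is only reachable via POST, and only when
// both the origin check and the token check pass.
if ($_SERVER['REQUEST_METHOD'] === 'POST' && isset($_POST['delete_id'])) {
    if (!same_origin($_SERVER, $_SERVER['SERVER_NAME']) || !csrf_verify($_POST)) {
        http_response_code(403);
        exit('Request rejected: CSRF validation failed');
    }
    $id = filter_var($_POST['delete_id'], FILTER_VALIDATE_INT);
    if ($id === false) {
        http_response_code(400);
        exit('Invalid certificate id');
    }
    // $pdo is assumed to be an existing PDO connection; table and column are placeholders.
    $pdo = new PDO('mysql:host=localhost;dbname=app', 'user', 'pass', [
        PDO::ATTR_ERRMODE => PDO::ERRMODE_EXCEPTION,
    ]);
    $stmt = $pdo->prepare('DELETE FROM certificates WHERE id = ?');
    $stmt->execute([$id]);
    echo 'Deleted certificate ' . (int) $id;
}
?>
<!-- Every state-changing form must carry the token; a cross-site page cannot read it. -->
<form method="post" action="">
  <?= csrf_field() ?>
  <input type="hidden" name="delete_id" value="1">
  <button type="submit">Delete</button>
</form>
```

With these checks in place the PoC page fails twice over: the browser withholds the `SameSite=Strict` session cookie from the cross-site POST, and even if the cookie were sent, the forged form cannot include the token stored in the victim's session, so `csrf_verify` returns `false` and the handler answers 403 before touching the database.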