CVE-2026-1745 - Vulnerability Details

- SourceCodester Medical Certificate Generator App cross-site request forgery

Description

A vulnerability was determined in SourceCodester Medical Certificate Generator App 1.0. This affects an unknown part. This manipulation causes cross-site request forgery. Remote exploitation of the attack is possible. The exploit has been publicly disclosed and may be utilized.

Published: 2026-02-02

Score: 5.3 Medium

EPSS: < 1% Very Low

KEV: No

Impact:

Action:

Analysis

Impact

The vulnerability is a cross‑site request forgery flaw in the SourceCodester Medical Certificate Generator App 1.0, classified as CWE‑352 and also exposing an access‑control weakness (CWE‑862). The flaw allows an attacker to craft a page that automatically submits a request to the application while a victim has an active authenticated session, leading to deletion or manipulation of medical certificate records without the user’s consent. The problem is remotely exploitable; the exploit is publicly disclosed and can be used by any actor that can lure a logged‑in user to a malicious site.

Affected Systems

SourceCodester’s Medical Certificate Generator App version 1.0. No other products or versions are mentioned as affected in the CNA data.

Risk and Exploitability

The CVSS base score of 5.3 indicates moderate severity, while the EPSS score of less than 1 % suggests a very low probability of exploitation in the wild. The vulnerability is not listed in the CISA KEV catalog, implying no known widespread attacks. Exploitation requires a victim to be logged into the application at the time the malicious page is visited, making the attack somewhat opportunistic but still dangerous if users regularly access the app from shared or public devices.

Default status is the baseline for the product, each version can override it (e.g. patched versions marked unaffected).

Vendor Product Default status Versions

SourceCodester

Medical Certificate Generator App

affected

Version	Status	Constraints
`1.0`	affected	—

Configuration 1 [-]

cpe:2.3:a:oretnom23:medical_certificate_generator_app:1.0:*:*:*:*:*:*:*

No data.

Vendor	Product	Confidence	Versions
Sourcecodester	Medical Certificate Generator App	—	—

Found an issue or want to improve our Enrichment? You can suggest it directly by opening an issue on our dedicated GitHub repository .

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

Upgrade the SourceCodester Medical Certificate Generator App to a version that includes proper CSRF protection.
Implement server‑side CSRF token validation for all state‑changing requests and generate a unique token per user session.
Configure the session cookie with the SameSite attribute set to Strict or Lax to reduce the chance of cross‑site requests being sent by the browser.
Enforce role‑based access control for the delete operation so that only authorized administrators can delete medical certificates.

Generated by OpenCVE AI on April 18, 2026 at 00:45 UTC.

Tracking

Sign in to view the affected projects.

Advisories

No advisories yet.

Attack Vector Network

Attack Complexity Low

Privileges Required None

Attack Requirements None

User Interaction Passive

Vulnerable System Confidentiality Impact None

Vulnerable System Integrity Impact Low

Vulnerable System Availability Impact None

Subsequent System Confidentiality Impact None

Subsequent System Integrity Impact None

Subsequent System Availability Impact None

Attack Vector Network

Attack Complexity Low

Privileges Required None

Scope Unchanged

Confidentiality Impact None

Integrity Impact Low

Availability Impact None

User Interaction Required

Attack Vector Network

Attack Complexity Low

Privileges Required None

Scope Unchanged

Confidentiality Impact None

Integrity Impact Low

Availability Impact None

User Interaction Required

Access Vector Network

Access Complexity Low

Authentication None

Confidentiality Impact None

Integrity Impact Partial

Availability Impact None

This CVE is not in the KEV list.

The EPSS score is 0.00013.

Exploitation poc

Automatable no

Technical Impact partial

References

Link	Providers
https://github.com/Asim-QAZi/Cross-Site-Request-Forgery-Arbitrary-Medical-Certificate-Deletion
https://github.com/Asim-QAZi/Cross-Site-Request-Forgery-Arbitrary-Medical-Certificate-Deletion#proof-of-concept-csrf-exploit
https://vuldb.com/?ctiid.343676
https://vuldb.com/?id.343676
https://vuldb.com/?submit.742653
https://www.sourcecodester.com/

History

Tue, 10 Feb 2026 15:00:00 +0000

Type	Values Removed	Values Added
First Time appeared		Oretnom23 Oretnom23 medical Certificate Generator App
CPEs		cpe:2.3:a:oretnom23:medical_certificate_generator_app:1.0:::::::*
Vendors & Products		Oretnom23 Oretnom23 medical Certificate Generator App

Tue, 03 Feb 2026 15:00:00 +0000

Type	Values Removed	Values Added
First Time appeared		Sourcecodester Sourcecodester medical Certificate Generator App
Vendors & Products		Sourcecodester Sourcecodester medical Certificate Generator App

Mon, 02 Feb 2026 18:15:00 +0000

Type	Values Removed	Values Added
Metrics		ssvc `{'options': {'Automatable': 'no', 'Exploitation': 'poc', 'Technical Impact': 'partial'}, 'version': '2.0.3'}`

Mon, 02 Feb 2026 05:30:00 +0000

Type	Values Removed	Values Added
Description		A vulnerability was determined in SourceCodester Medical Certificate Generator App 1.0. This affects an unknown part. This manipulation causes cross-site request forgery. Remote exploitation of the attack is possible. The exploit has been publicly disclosed and may be utilized.
Title		SourceCodester Medical Certificate Generator App cross-site request forgery
Weaknesses		CWE-352 CWE-862
References		https://github.com/Asim-QAZi/Cross-Site-Request-Forgery-Arbitrary-Medical-Certificate-Deletion https://github.com/Asim-QAZi/Cross-Site-Request-Forgery-Arbitrary-Medical-Certificate-Deletion#proof-of-concept-csrf-exploit https://vuldb.com/?ctiid.343676 https://vuldb.com/?id.343676 https://vuldb.com/?submit.742653 https://www.sourcecodester.com/
Metrics		cvssV2_0 `{'score': 5, 'vector': 'AV:N/AC:L/Au:N/C:N/I:P/A:N/E:POC/RL:ND/RC:UR'}` cvssV3_0 `{'score': 4.3, 'vector': 'CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N/E:P/RL:X/RC:R'}` cvssV3_1 `{'score': 4.3, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N/E:P/RL:X/RC:R'}` cvssV4_0 `{'score': 5.3, 'vector': 'CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N/E:P'}`

Subscriptions

Oretnom23 Medical Certificate Generator App

Sourcecodester Medical Certificate Generator App

MITRE

Status: PUBLISHED

Assigner: VulDB

Published: 2026-02-02T05:02:07.076Z

Updated: 2026-02-23T09:14:17.741Z

Reserved: 2026-02-01T16:39:32.917Z

Link: CVE-2026-1745

Vulnrichment

Updated: 2026-02-02T17:51:42.470Z

NVD

Status : Analyzed

Published: 2026-02-02T06:16:20.947

Modified: 2026-04-29T01:00:01.613

Link: CVE-2026-1745

Redhat

No data.

OpenCVE Enrichment

Updated: 2026-04-18T00:45:32Z

Weaknesses

Impact

Affected Systems

Risk and Exploitability

Tracking

Attack Vector Network

Attack Complexity Low

Privileges Required None

Attack Requirements None

User Interaction Passive

Vulnerable System Confidentiality Impact None

Vulnerable System Integrity Impact Low

Vulnerable System Availability Impact None

Subsequent System Confidentiality Impact None

Subsequent System Integrity Impact None

Subsequent System Availability Impact None

Attack Vector Network

Attack Complexity Low

Privileges Required None

Scope Unchanged

Confidentiality Impact None

Integrity Impact Low

Availability Impact None

User Interaction Required

Attack Vector Network

Attack Complexity Low

Privileges Required None

Scope Unchanged

Confidentiality Impact None

Integrity Impact Low

Availability Impact None

User Interaction Required

Access Vector Network

Access Complexity Low

Authentication None

Confidentiality Impact None

Integrity Impact Partial

Availability Impact None

Exploitation poc

Automatable no

Technical Impact partial

Subscriptions

JSON object

JSON object

JSON object

JSON object

JSON object