{"dataType": "CVE_RECORD", "dataVersion": "5.2", "cveMetadata": {"cveId": "CVE-2026-1745", "assignerOrgId": "1af790b2-7ee1-4545-860a-a788eba489b5", "state": "PUBLISHED", "assignerShortName": "VulDB", "dateReserved": "2026-02-01T16:39:32.917Z", "datePublished": "2026-02-02T05:02:07.076Z", "dateUpdated": "2026-02-23T09:14:17.741Z"}, "containers": {"cna": {"providerMetadata": {"orgId": "1af790b2-7ee1-4545-860a-a788eba489b5", "shortName": "VulDB", "dateUpdated": "2026-02-23T09:14:17.741Z"}, "title": "SourceCodester Medical Certificate Generator App cross-site request forgery", "problemTypes": [{"descriptions": [{"type": "CWE", "cweId": "CWE-352", "lang": "en", "description": "Cross-Site Request Forgery"}]}, {"descriptions": [{"type": "CWE", "cweId": "CWE-862", "lang": "en", "description": "Missing Authorization"}]}], "affected": [{"vendor": "SourceCodester", "product": "Medical Certificate Generator App", "versions": [{"version": "1.0", "status": "affected"}]}], "descriptions": [{"lang": "en", "value": "A vulnerability was determined in SourceCodester Medical Certificate Generator App 1.0. This affects an unknown part. This manipulation causes cross-site request forgery. Remote exploitation of the attack is possible. The exploit has been publicly disclosed and may be utilized."}], "metrics": [{"cvssV4_0": {"version": "4.0", "baseScore": 5.3, "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N/E:P", "baseSeverity": "MEDIUM"}}, {"cvssV3_1": {"version": "3.1", "baseScore": 4.3, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N/E:P/RL:X/RC:R", "baseSeverity": "MEDIUM"}}, {"cvssV3_0": {"version": "3.0", "baseScore": 4.3, "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N/E:P/RL:X/RC:R", "baseSeverity": "MEDIUM"}}, {"cvssV2_0": {"version": "2.0", "baseScore": 5, "vectorString": "AV:N/AC:L/Au:N/C:N/I:P/A:N/E:POC/RL:ND/RC:UR"}}], "timeline": [{"time": "2026-02-01T00:00:00.000Z", "lang": "en", "value": "Advisory disclosed"}, {"time": "2026-02-01T01:00:00.000Z", "lang": "en", "value": "VulDB entry created"}, {"time": "2026-02-03T05:57:21.000Z", "lang": "en", "value": "VulDB entry last update"}], "credits": [{"lang": "en", "value": "moasim (VulDB User)", "type": "reporter"}], "references": [{"url": "https://vuldb.com/?id.343676", "name": "VDB-343676 | SourceCodester Medical Certificate Generator App cross-site request forgery", "tags": ["vdb-entry"]}, {"url": "https://vuldb.com/?ctiid.343676", "name": "VDB-343676 | CTI Indicators (IOB, IOC)", "tags": ["signature", "permissions-required"]}, {"url": "https://vuldb.com/?submit.742653", "name": "Submit #742653 | SourceCodester Medical Certificate Generator App 1.0 Cross-Site Request Forgery", "tags": ["third-party-advisory"]}, {"url": "https://github.com/Asim-QAZi/Cross-Site-Request-Forgery-Arbitrary-Medical-Certificate-Deletion", "tags": ["related"]}, {"url": "https://github.com/Asim-QAZi/Cross-Site-Request-Forgery-Arbitrary-Medical-Certificate-Deletion#proof-of-concept-csrf-exploit", "tags": ["exploit"]}, {"url": "https://www.sourcecodester.com/", "tags": ["product"]}], "tags": ["x_freeware"]}, "adp": [{"metrics": [{"other": {"type": "ssvc", "content": {"timestamp": "2026-02-02T17:51:37.389670Z", "id": "CVE-2026-1745", "options": [{"Exploitation": "poc"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2026-02-02T17:51:45.275Z"}}]}}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CISA ADP Vulnrichment", "metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2026-1745", "role": "CISA Coordinator", "options": [{"Exploitation": "poc"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "version": "2.0.3", "timestamp": "2026-02-02T17:51:37.389670Z"}}}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2026-02-02T17:51:42.470Z"}}], "cna": {"tags": ["x_freeware"], "title": "SourceCodester Medical Certificate Generator App cross-site request forgery", "credits": [{"lang": "en", "type": "reporter", "value": "moasim (VulDB User)"}], "metrics": [{"cvssV4_0": {"version": "4.0", "baseScore": 5.3, "baseSeverity": "MEDIUM", "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N/E:P"}}, {"cvssV3_1": {"version": "3.1", "baseScore": 4.3, "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N/E:P/RL:X/RC:R"}}, {"cvssV3_0": {"version": "3.0", "baseScore": 4.3, "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N/E:P/RL:X/RC:R"}}, {"cvssV2_0": {"version": "2.0", "baseScore": 5, "vectorString": "AV:N/AC:L/Au:N/C:N/I:P/A:N/E:POC/RL:ND/RC:UR"}}], "affected": [{"vendor": "SourceCodester", "product": "Medical Certificate Generator App", "versions": [{"status": "affected", "version": "1.0"}]}], "timeline": [{"lang": "en", "time": "2026-02-01T00:00:00.000Z", "value": "Advisory disclosed"}, {"lang": "en", "time": "2026-02-01T01:00:00.000Z", "value": "VulDB entry created"}, {"lang": "en", "time": "2026-02-03T05:57:21.000Z", "value": "VulDB entry last update"}], "references": [{"url": "https://vuldb.com/?id.343676", "name": "VDB-343676 | SourceCodester Medical Certificate Generator App cross-site request forgery", "tags": ["vdb-entry"]}, {"url": "https://vuldb.com/?ctiid.343676", "name": "VDB-343676 | CTI Indicators (IOB, IOC)", "tags": ["signature", "permissions-required"]}, {"url": "https://vuldb.com/?submit.742653", "name": "Submit #742653 | SourceCodester Medical Certificate Generator App 1.0 Cross-Site Request Forgery", "tags": ["third-party-advisory"]}, {"url": "https://github.com/Asim-QAZi/Cross-Site-Request-Forgery-Arbitrary-Medical-Certificate-Deletion", "tags": ["related"]}, {"url": "https://github.com/Asim-QAZi/Cross-Site-Request-Forgery-Arbitrary-Medical-Certificate-Deletion#proof-of-concept-csrf-exploit", "tags": ["exploit"]}, {"url": "https://www.sourcecodester.com/", "tags": ["product"]}], "descriptions": [{"lang": "en", "value": "A vulnerability was determined in SourceCodester Medical Certificate Generator App 1.0. This affects an unknown part. This manipulation causes cross-site request forgery. Remote exploitation of the attack is possible. The exploit has been publicly disclosed and may be utilized."}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-352", "description": "Cross-Site Request Forgery"}]}, {"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-862", "description": "Missing Authorization"}]}], "providerMetadata": {"orgId": "1af790b2-7ee1-4545-860a-a788eba489b5", "shortName": "VulDB", "dateUpdated": "2026-02-23T09:14:17.741Z"}}}, "cveMetadata": {"cveId": "CVE-2026-1745", "state": "PUBLISHED", "dateUpdated": "2026-02-23T09:14:17.741Z", "dateReserved": "2026-02-01T16:39:32.917Z", "assignerOrgId": "1af790b2-7ee1-4545-860a-a788eba489b5", "datePublished": "2026-02-02T05:02:07.076Z", "assignerShortName": "VulDB"}, "dataVersion": "5.2"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:oretnom23:medical_certificate_generator_app:1.0:*:*:*:*:*:*:*", "matchCriteriaId": "B6B30879-9A3B-4AF4-B249-1984FC227BF1", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "A vulnerability was determined in SourceCodester Medical Certificate Generator App 1.0. This affects an unknown part. This manipulation causes cross-site request forgery. Remote exploitation of the attack is possible. The exploit has been publicly disclosed and may be utilized."}, {"lang": "es", "value": "Se determin\u00f3 una vulnerabilidad en la aplicaci\u00f3n SourceCodester Medical Certificate Generator App 1.0. Esto afecta una parte desconocida. Esta manipulaci\u00f3n causa falsificaci\u00f3n de petici\u00f3n en sitios cruzados. La explotaci\u00f3n remota del ataque es posible. El exploit ha sido divulgado p\u00fablicamente y puede ser utilizado."}], "id": "CVE-2026-1745", "lastModified": "2026-04-29T01:00:01.613", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": {"accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "NONE", "baseScore": 5.0, "confidentialityImpact": "NONE", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:L/Au:N/C:N/I:P/A:N", "version": "2.0"}, "exploitabilityScore": 10.0, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "cna@vuldb.com", "type": "Secondary", "userInteractionRequired": false}], "cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 4.3, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "LOW", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N", "version": "3.1"}, "exploitabilityScore": 2.8, "impactScore": 1.4, "source": "cna@vuldb.com", "type": "Primary"}], "cvssMetricV40": [{"cvssData": {"Automatable": "NOT_DEFINED", "Recovery": "NOT_DEFINED", "Safety": "NOT_DEFINED", "attackComplexity": "LOW", "attackRequirements": "NONE", "attackVector": "NETWORK", "availabilityRequirement": "NOT_DEFINED", "baseScore": 2.1, "baseSeverity": "LOW", "confidentialityRequirement": "NOT_DEFINED", "exploitMaturity": "PROOF_OF_CONCEPT", "integrityRequirement": "NOT_DEFINED", "modifiedAttackComplexity": "NOT_DEFINED", "modifiedAttackRequirements": "NOT_DEFINED", "modifiedAttackVector": "NOT_DEFINED", "modifiedPrivilegesRequired": "NOT_DEFINED", "modifiedSubAvailabilityImpact": "NOT_DEFINED", "modifiedSubConfidentialityImpact": "NOT_DEFINED", "modifiedSubIntegrityImpact": "NOT_DEFINED", "modifiedUserInteraction": "NOT_DEFINED", "modifiedVulnAvailabilityImpact": "NOT_DEFINED", "modifiedVulnConfidentialityImpact": "NOT_DEFINED", "modifiedVulnIntegrityImpact": "NOT_DEFINED", "privilegesRequired": "NONE", "providerUrgency": "NOT_DEFINED", "subAvailabilityImpact": "NONE", "subConfidentialityImpact": "NONE", "subIntegrityImpact": "NONE", "userInteraction": "PASSIVE", "valueDensity": "NOT_DEFINED", "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X", "version": "4.0", "vulnAvailabilityImpact": "NONE", "vulnConfidentialityImpact": "NONE", "vulnIntegrityImpact": "LOW", "vulnerabilityResponseEffort": "NOT_DEFINED"}, "source": "cna@vuldb.com", "type": "Secondary"}]}, "published": "2026-02-02T06:16:20.947", "references": [{"source": "cna@vuldb.com", "tags": ["Exploit", "Mitigation", "Third Party Advisory"], "url": "https://github.com/Asim-QAZi/Cross-Site-Request-Forgery-Arbitrary-Medical-Certificate-Deletion"}, {"source": "cna@vuldb.com", "tags": ["Exploit"], "url": "https://github.com/Asim-QAZi/Cross-Site-Request-Forgery-Arbitrary-Medical-Certificate-Deletion#proof-of-concept-csrf-exploit"}, {"source": "cna@vuldb.com", "tags": ["Permissions Required", "VDB Entry"], "url": "https://vuldb.com/?ctiid.343676"}, {"source": "cna@vuldb.com", "tags": ["Third Party Advisory", "VDB Entry"], "url": "https://vuldb.com/?id.343676"}, {"source": "cna@vuldb.com", "tags": ["Third Party Advisory", "VDB Entry"], "url": "https://vuldb.com/?submit.742653"}, {"source": "cna@vuldb.com", "tags": ["Product"], "url": "https://www.sourcecodester.com/"}], "sourceIdentifier": "cna@vuldb.com", "vulnStatus": "Analyzed", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-352"}, {"lang": "en", "value": "CWE-862"}], "source": "cna@vuldb.com", "type": "Primary"}]}

{}

{"analysis": {"en": {"generated_at": "2026-04-18T00:45:09.690916+00:00", "value": {"mitigation_remediation": ["Upgrade the SourceCodester Medical Certificate Generator App to a version that includes proper CSRF protection.", "Implement server\u2011side CSRF token validation for all state\u2011changing requests and generate a unique token per user session.", "Configure the session cookie with the SameSite attribute set to Strict or Lax to reduce the chance of cross\u2011site requests being sent by the browser.", "Enforce role\u2011based access control for the delete operation so that only authorized administrators can delete medical certificates."], "summary": {"action": "Apply Patch", "impact": "Unintended medical certificate deletion via Cross\u2011Site Request Forgery"}, "threat_synthesis": {"affected_systems": "SourceCodester\u2019s Medical Certificate Generator App version\u202f1.0. No other products or versions are mentioned as affected in the CNA data.", "description_and_impact": "The vulnerability is a cross\u2011site request forgery flaw in the SourceCodester Medical Certificate Generator App 1.0, classified as CWE\u2011352 and also exposing an access\u2011control weakness (CWE\u2011862). The flaw allows an attacker to craft a page that automatically submits a request to the application while a victim has an active authenticated session, leading to deletion or manipulation of medical certificate records without the user\u2019s consent. The problem is remotely exploitable; the exploit is publicly disclosed and can be used by any actor that can lure a logged\u2011in user to a malicious site.", "risk_and_exploitability": "The CVSS base score of 5.3 indicates moderate severity, while the EPSS score of less than 1\u202f% suggests a very low probability of exploitation in the wild. The vulnerability is not listed in the CISA KEV catalog, implying no known widespread attacks. Exploitation requires a victim to be logged into the application at the time the malicious page is visited, making the attack somewhat opportunistic but still dangerous if users regularly access the app from shared or public devices."}}}}, "created": "2026-02-02T09:26:12.488747+00:00", "updated": "2026-04-18T00:45:32.248882+00:00", "vendors": ["sourcecodester", "sourcecodester$PRODUCT$medical_certificate_generator_app"]}