CVE-2021-47757

Chikitsa Patient Management System 2.0.2 contains an authenticated remote code execution vulnerability in the backup restoration functionality. Authenticated attackers can upload a modified backup zip file with a malicious PHP shell to execute arbitrary system commands on the server.

CVSS v3 8.8 HIGH

8.8^/10

CVSS v3 : HIGH

Vector :

Exploitability : 2.8 / Impact : 5.9

Attack Vector NETWORK

Attack Complexity LOW

Privileges Required LOW

User Interaction NONE

Confidentiality Impact HIGH

Integrity Impact HIGH

Availability Impact HIGH

Scope UNCHANGED

References

Link	Resource
https://github.com/sanskruti-technologies/chikitsa	Product
https://sourceforge.net/projects/chikitsa/	Product
https://www.chikitsa.io/	Product
https://www.exploit-db.com/exploits/50572	Exploit VDB Entry

Configurations

Configuration 1 (hide)

cpe:2.3:a:chikitsa:patient_management_system:2.0.2:*:*:*:*:*:*:*

History

17 Jun 2026, 04:18

Type	Values Removed	Values Added
Summary		(es) Chikitsa Patient Management System 2.0.2 contiene una vulnerabilidad de ejecución remota de código autenticada en la funcionalidad de restauración de copias de seguridad. Atacantes autenticados pueden subir un archivo zip de copia de seguridad modificado con un shell PHP malicioso para ejecutar comandos de sistema arbitrarios en el servidor.

23 Jan 2026, 18:17

Type	Values Removed	Values Added
References	~~() https://github.com/sanskruti-technologies/chikitsa -~~	() https://github.com/sanskruti-technologies/chikitsa - Product
References	~~() https://sourceforge.net/projects/chikitsa/ -~~	() https://sourceforge.net/projects/chikitsa/ - Product
References	~~() https://www.chikitsa.io/ -~~	() https://www.chikitsa.io/ - Product
References	~~() https://www.exploit-db.com/exploits/50572 -~~	() https://www.exploit-db.com/exploits/50572 - Exploit, VDB Entry
CPE		cpe:2.3:a:chikitsa:patient_management_system:2.0.2:::::::*
First Time		Chikitsa patient Management System Chikitsa

15 Jan 2026, 16:16

Type	Values Removed	Values Added
New CVE

Information

Published : 2026-01-15 16:16

Updated : 2026-06-17 04:18

NVD link : CVE-2021-47757

Mitre link : CVE-2021-47757

CVE.ORG link : CVE-2021-47757

JSON object : View

Products Affected

chikitsa

patient_management_system

CWE

CWE-434

Unrestricted Upload of File with Dangerous Type

{"id": "CVE-2021-47757", "cveTags": [], "metrics": {"ssvcV203": [{"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "ssvcData": {"id": "CVE-2021-47757", "role": "CISA Coordinator", "options": [{"exploitation": "poc"}, {"automatable": "no"}, {"technicalImpact": "total"}], "version": "2.0.3", "timestamp": "2026-01-15T17:56:53.091210Z"}}], "cvssMetricV31": [{"type": "Secondary", "source": "disclosure@vulncheck.com", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 8.8, "attackVector": "NETWORK", "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "integrityImpact": "HIGH", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "LOW", "confidentialityImpact": "HIGH"}, "impactScore": 5.9, "exploitabilityScore": 2.8}], "cvssMetricV40": [{"type": "Secondary", "source": "disclosure@vulncheck.com", "cvssData": {"Safety": "NOT_DEFINED", "version": "4.0", "Recovery": "NOT_DEFINED", "baseScore": 8.7, "Automatable": "NOT_DEFINED", "attackVector": "NETWORK", "baseSeverity": "HIGH", "valueDensity": "NOT_DEFINED", "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X", "exploitMaturity": "NOT_DEFINED", "providerUrgency": "NOT_DEFINED", "userInteraction": "NONE", "attackComplexity": "LOW", "attackRequirements": "NONE", "privilegesRequired": "LOW", "subIntegrityImpact": "NONE", "vulnIntegrityImpact": "HIGH", "integrityRequirement": "NOT_DEFINED", "modifiedAttackVector": "NOT_DEFINED", "subAvailabilityImpact": "NONE", "vulnAvailabilityImpact": "HIGH", "availabilityRequirement": "NOT_DEFINED", "modifiedUserInteraction": "NOT_DEFINED", "modifiedAttackComplexity": "NOT_DEFINED", "subConfidentialityImpact": "NONE", "vulnConfidentialityImpact": "HIGH", "confidentialityRequirement": "NOT_DEFINED", "modifiedAttackRequirements": "NOT_DEFINED", "modifiedPrivilegesRequired": "NOT_DEFINED", "modifiedSubIntegrityImpact": "NOT_DEFINED", "modifiedVulnIntegrityImpact": "NOT_DEFINED", "vulnerabilityResponseEffort": "NOT_DEFINED", "modifiedSubAvailabilityImpact": "NOT_DEFINED", "modifiedVulnAvailabilityImpact": "NOT_DEFINED", "modifiedSubConfidentialityImpact": "NOT_DEFINED", "modifiedVulnConfidentialityImpact": "NOT_DEFINED"}}]}, "affected": [{"source": "disclosure@vulncheck.com", "affectedData": [{"vendor": "dharashah", "product": "Chikitsa Patient Management System", "versions": [{"status": "affected", "version": "2.0.2"}]}]}], "published": "2026-01-15T16:16:06.510", "references": [{"url": "https://github.com/sanskruti-technologies/chikitsa", "tags": ["Product"], "source": "disclosure@vulncheck.com"}, {"url": "https://sourceforge.net/projects/chikitsa/", "tags": ["Product"], "source": "disclosure@vulncheck.com"}, {"url": "https://www.chikitsa.io/", "tags": ["Product"], "source": "disclosure@vulncheck.com"}, {"url": "https://www.exploit-db.com/exploits/50572", "tags": ["Exploit", "VDB Entry"], "source": "disclosure@vulncheck.com"}], "vulnStatus": "Analyzed", "weaknesses": [{"type": "Secondary", "source": "disclosure@vulncheck.com", "description": [{"lang": "en", "value": "CWE-434"}]}], "descriptions": [{"lang": "en", "value": "Chikitsa Patient Management System 2.0.2 contains an authenticated remote code execution vulnerability in the backup restoration functionality. Authenticated attackers can upload a modified backup zip file with a malicious PHP shell to execute arbitrary system commands on the server."}, {"lang": "es", "value": "Chikitsa Patient Management System 2.0.2 contiene una vulnerabilidad de ejecuci\u00f3n remota de c\u00f3digo autenticada en la funcionalidad de restauraci\u00f3n de copias de seguridad. Atacantes autenticados pueden subir un archivo zip de copia de seguridad modificado con un shell PHP malicioso para ejecutar comandos de sistema arbitrarios en el servidor."}], "lastModified": "2026-06-17T04:18:25.963", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:chikitsa:patient_management_system:2.0.2:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "8B5051D5-3E76-4B85-931A-332E8A59244F"}], "operator": "OR"}]}], "sourceIdentifier": "disclosure@vulncheck.com"}