CVE-2021-47758

  1. OpenCVE
  2. Vulnerabilities (CVE)
  3. CVE-2021-47758
Chikitsa Patient Management System 2.0.2 contains an authenticated remote code execution vulnerability that allows attackers to upload malicious PHP plugins through the module upload functionality. Authenticated attackers can generate and upload a ZIP plugin with a PHP backdoor that enables arbitrary command execution on the server through a weaponized PHP script.

8.8 /10

CVSS v3 : HIGH

V3 Legend

Vector :

Exploitability : 2.8 / Impact : 5.9

Attack Vector NETWORK

Attack Complexity LOW

Privileges Required LOW

User Interaction NONE

Confidentiality Impact HIGH

Integrity Impact HIGH

Availability Impact HIGH

Scope UNCHANGED

References
Link Resource
https://github.com/sanskruti-technologies/chikitsa Product
https://sourceforge.net/projects/chikitsa/ Product
https://www.chikitsa.io/ Product
https://www.exploit-db.com/exploits/50571 Exploit VDB Entry
Configurations

Configuration 1 (hide)

cpe:2.3:a:chikitsa:patient_management_system:2.0.2:*:*:*:*:*:*:*
History

17 Jun 2026, 04:18

Type Values Removed Values Added
Summary
  • (es) Chikitsa Patient Management System 2.0.2 contiene una vulnerabilidad de ejecución remota de código autenticada que permite a los atacantes subir plugins PHP maliciosos a través de la funcionalidad de carga de módulos. Los atacantes autenticados pueden generar y subir un plugin ZIP con una puerta trasera PHP que permite la ejecución arbitraria de comandos en el servidor a través de un script PHP armado.

03 Feb 2026, 17:53

Type Values Removed Values Added
First Time Chikitsa patient Management System
Chikitsa
CPE cpe:2.3:a:chikitsa:patient_management_system:2.0.2:*:*:*:*:*:*:*
References () https://github.com/sanskruti-technologies/chikitsa - () https://github.com/sanskruti-technologies/chikitsa - Product
References () https://sourceforge.net/projects/chikitsa/ - () https://sourceforge.net/projects/chikitsa/ - Product
References () https://www.chikitsa.io/ - () https://www.chikitsa.io/ - Product
References () https://www.exploit-db.com/exploits/50571 - () https://www.exploit-db.com/exploits/50571 - Exploit, VDB Entry

15 Jan 2026, 16:16

Type Values Removed Values Added
New CVE
Information

Published : 2026-01-15 16:16

Updated : 2026-06-17 04:18

NVD link : CVE-2021-47758

Mitre link : CVE-2021-47758

CVE.ORG link : CVE-2021-47758

JSON object : View

Products Affected

chikitsa

  • patient_management_system
CWE
CWE-434

Unrestricted Upload of File with Dangerous Type