CVE-2021-47757

HIGH

Chikitsa Patient Management System 2.0.2 - Authenticated Remote Code Execution via Backup Restoration

Title source: llm

Exploitation Summary

EIP tracks 1 public exploit for CVE-2021-47757. PoCs published by 0z09e.

AI-analyzed exploit summary

This exploit leverages an authenticated backup/restore mechanism in Chikitsa Patient Management System 2.0.2 to inject a PHP backdoor. It logs in, downloads a backup, modifies it to include a malicious PHP file, and uploads it back to achieve remote code execution.

Description

Chikitsa Patient Management System 2.0.2 contains an authenticated remote code execution vulnerability in its backup restoration functionality. The restore routine does not validate the contents of the uploaded archive (CWE-434, unrestricted upload of a file with dangerous type), so an authenticated user can upload a modified backup zip containing a PHP web shell and then invoke it to execute arbitrary system commands on the server.

Exploits (1)

exploitdb WORKING POC
by 0z09e · python · webapps · php
https://www.exploit-db.com/exploits/50572

Classification
Working PoC 95%
Attack Type RCE
Complexity Moderate
Reliability Reliable
Target: Chikitsa Patient Management System 2.0.2
Auth required: yes
Prerequisites: Valid credentials for the target system · Network access to the target · Backup/restore functionality enabled
Analyzed by devstral-2 on Feb 16, 2026

Scores

CVSS v3 8.8 (High)
EPSS 0.0076 (0.76%)
EPSS Percentile 50.5%
Attack Vector NETWORK
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

CISA SSVC

Vulnrichment
Exploitation PoC
Automatable no
Technical Impact total

Details

CWE
CWE-434 (Unrestricted Upload of File with Dangerous Type)
Status published
Products (1)
chikitsa/patient_management_system 2.0.2
Published Jan 15, 2026
Tracked Since Feb 18, 2026