CVE-2021-47758

HIGH

Chikitsa Patient Management System - Unrestricted File Upload

Title source: rule

Description

Chikitsa Patient Management System 2.0.2 contains an authenticated remote code execution vulnerability that allows attackers to upload malicious PHP plugins through the module upload functionality. Authenticated attackers can generate and upload a ZIP plugin with a PHP backdoor that enables arbitrary command execution on the server through a weaponized PHP script.

Exploits (1)

exploitdb WORKING POC

by 0z09e · pythonwebappsphp

https://www.exploit-db.com/exploits/50571

View Code ZIP pw:eip

References (4)

[Product] https://github.com/sanskruti-technologies/chikitsa

[Product] https://sourceforge.net/projects/chikitsa/

[Product] https://www.chikitsa.io/

[Exploit, VDB Entry] https://www.exploit-db.com/exploits/50571

Scores

CVSS v3 8.8

EPSS 0.0066

EPSS Percentile 71.2%

Attack Vector NETWORK

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Details

CWE

CWE-434

Status published

Products (1)

chikitsa/patient_management_system 2.0.2

Published Jan 15, 2026

Tracked Since Feb 18, 2026