CVE-2021-47758

HIGH

Chikitsa Patient Management System 2.0.2 - Authenticated Remote Code Execution via Malicious Plugin Upload

Exploitation Summary

EIP tracks 1 public exploit for CVE-2021-47758. PoCs published by 0z09e.

AI-analyzed exploit summary: This exploit demonstrates an authenticated RCE vulnerability in Chikitsa Patient Management System 2.0.2 by uploading a malicious plugin via the module upload functionality. The plugin contains a PHP backdoor that allows command execution via HTTP requests.

Description

Chikitsa Patient Management System 2.0.2 contains an authenticated remote code execution vulnerability that allows attackers to upload malicious PHP plugins through the module upload functionality. Authenticated attackers can generate and upload a ZIP plugin with a PHP backdoor that enables arbitrary command execution on the server through a weaponized PHP script.

Exploits (1)

exploitdb WORKING POC
by 0z09e · python · webapps · php
https://www.exploit-db.com/exploits/50571

Classification: Working PoC 95%
Attack Type: RCE
Complexity: Moderate
Reliability: Reliable
Target: Chikitsa Patient Management System 2.0.2
Auth required
Prerequisites: Valid credentials for the target system · Network access to the target application
devstral-2 · analyzed Feb 16, 2026

Scores

CVSS v3 8.8
EPSS 0.0084
EPSS Percentile 53.0%
Attack Vector NETWORK
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

CISA SSVC

Vulnrichment
Exploitation: poc
Automatable: no
Technical Impact: total

Details

CWE: CWE-434
Status: published
Products (1): chikitsa/patient_management_system 2.0.2
Published: Jan 15, 2026
Tracked Since: Feb 18, 2026