Description

Chikitsa Patient Management System 2.0.2 contains an authenticated remote code execution vulnerability that allows attackers to upload malicious PHP plugins through the module upload functionality. Authenticated attackers can generate and upload a ZIP plugin with a PHP backdoor that enables arbitrary command execution on the server through a weaponized PHP script.

PUBLISHED Reserved 2026-01-10 | Published 2026-01-15 | Updated 2026-01-15 | Assigner VulnCheck




HIGH: 8.7 CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
HIGH: 8.8 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Problem types

Unrestricted Upload of File with Dangerous Type

Product status

2.0.2 affected

Credits

0z09e finder

References

www.exploit-db.com/exploits/50571 (ExploitDB-50571) exploit

www.chikitsa.io/ (Product Webpage) product

github.com/sanskruti-technologies/chikitsa (Product GitHub Repository) product

sourceforge.net/projects/chikitsa/ (Product Sourceforge Page) product

cve.org (CVE-2021-47758)

nvd.nist.gov (CVE-2021-47758)
