← Zuruck zu CVEs
CVE-2021-47758
HIGH8.8
Beschreibung
Chikitsa Patient Management System 2.0.2 contains an authenticated remote code execution vulnerability that allows attackers to upload malicious PHP plugins through the module upload functionality. Authenticated attackers can generate and upload a ZIP plugin with a PHP backdoor that enables arbitrary command execution on the server through a weaponized PHP script.
CVE Details
CVSS v3.1 Bewertung8.8
SchweregradHIGH
CVSS VektorCVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
AngriffsvektorNETWORK
KomplexitatLOW
Erforderliche PrivilegienLOW
BenutzerinteraktionNONE
Veroffentlicht1/15/2026
Zuletzt geandert2/3/2026
Quellenvd
Honeypot-Sichtungen0
Betroffene Produkte
chikitsa:patient_management_system
Schwachen (CWE)
CWE-434
Referenzen
https://github.com/sanskruti-technologies/chikitsa(disclosure@vulncheck.com)
https://sourceforge.net/projects/chikitsa/(disclosure@vulncheck.com)
https://www.chikitsa.io/(disclosure@vulncheck.com)
https://www.exploit-db.com/exploits/50571(disclosure@vulncheck.com)
IOC Korrelationen
Keine Korrelationen erfasst
This product uses data from the NVD API but is not endorsed or certified by the NVD.