8.8
CVE-2021-47758
- EPSS 0.84%
- Veröffentlicht 15.01.2026 15:52:05
- Zuletzt bearbeitet 03.02.2026 17:53:31
- Quelle disclosure@vulncheck.com
- CVE-Watchlists
- Unerledigt
LoginChikitsa Patient Management System 2.0.2 - Remote Code Execution (RCE) (Authenticated)
Chikitsa Patient Management System 2.0.2 contains an authenticated remote code execution vulnerability that allows attackers to upload malicious PHP plugins through the module upload functionality. Authenticated attackers can generate and upload a ZIP plugin with a PHP backdoor that enables arbitrary command execution on the server through a weaponized PHP script.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
Chikitsa ≫ Patient Management System Version2.0.2
| Typ | Quelle | Score | Percentile |
|---|---|---|---|
| EPSS | FIRST.org | 0.84% | 0.53 |
| Quelle | Base Score | Exploit Score | Impact Score | Vector String |
|---|---|---|---|---|
| disclosure@vulncheck.com | 8.8 | 2.8 | 5.9 |
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
|
| disclosure@vulncheck.com | 8.7 | 0 | 0 |
CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
|
CWE-434 Unrestricted Upload of File with Dangerous Type
The product allows the upload or transfer of dangerous file types that are automatically processed within its environment.
https://www.chikitsa.io/
https://github.com/sanskruti-technologies/chikitsa
https://sourceforge.net/projects/chikitsa/
https://www.exploit-db.com/exploits/50571