CVE-2021-47757
BaseFortify
Publication date: 2026-01-15
Last updated on: 2026-01-15
Assigner: VulnCheck
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| sanskruti_technologies | chikitsa | 2.0.2 |
Exploitability
| CWE ID | Description |
|---|---|
| CWE-434 | The product allows the upload or transfer of dangerous file types that are automatically processed within its environment. |
AI Powered Q&A
Can you explain this vulnerability to me?
CVE-2021-47757 is an authenticated remote code execution vulnerability in Chikitsa Patient Management System version 2.0.2. An attacker with valid credentials can download a backup ZIP file of the system, modify it by injecting a malicious PHP web shell into the backup, and then re-upload the modified backup. Once restored, this backdoor allows the attacker to execute arbitrary system commands on the server remotely. [1]
How can this vulnerability impact me?
This vulnerability allows an authenticated attacker to execute arbitrary system commands on the server hosting the Chikitsa Patient Management System. This can lead to full compromise of the server, unauthorized access to sensitive patient data, disruption of healthcare services, and potential further attacks on the network or connected systems. [1]
How can this vulnerability be detected on my network or system? Can you suggest some commands?
This vulnerability can be detected by checking for the presence of the malicious PHP shell file named 'rce.php' in the '/uploads/restore_backup/uploads/media/' directory on the server. You can also monitor HTTP requests to the endpoints '/index.php/login/valid_signin', '/index.php/settings/take_backup/', and '/index.php/settings/restore_backup' for suspicious activity involving backup download and restoration. Additionally, you can try accessing the backdoor by sending a command via the 'cmd' parameter to '/uploads/restore_backup/uploads/media/rce.php'. For example, you can use curl commands to test for the backdoor:

1. Check if the backdoor exists: curl -I http://<server>/uploads/restore_backup/uploads/media/rce.php
2. Execute a simple command: curl "http://<server>/uploads/restore_backup/uploads/media/rce.php?cmd=whoami"

Replace <server> with your server's address. These steps require authenticated access to the system to fully verify the vulnerability. [1]
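The request monitoring described above can be run over web server access logs. The following is an added example, not part of the original page or the Chikitsa project: it assumes Apache/nginx "combined" log format, uses constructed sample lines, and generalizes from 'rce.php' to any PHP-type script requested under the restore directory (the extension list is an assumption).

```python
import re
from urllib.parse import urlsplit, parse_qs

# Constructed sample lines in "combined" log format (not real traffic).
SAMPLE_LOG = """\
198.51.100.7 - - [15/Jan/2026:10:01:02 +0000] "POST /index.php/login/valid_signin HTTP/1.1" 302 0 "-" "Mozilla/5.0"
198.51.100.7 - - [15/Jan/2026:10:01:09 +0000] "GET /index.php/settings/take_backup/ HTTP/1.1" 200 48211 "-" "Mozilla/5.0"
198.51.100.7 - - [15/Jan/2026:10:04:40 +0000] "POST /index.php/settings/restore_backup HTTP/1.1" 200 512 "-" "Mozilla/5.0"
198.51.100.7 - - [15/Jan/2026:10:04:55 +0000] "GET /uploads/restore_backup/uploads/media/rce.php?cmd=whoami HTTP/1.1" 200 9 "-" "curl/8.5.0"
203.0.113.20 - - [15/Jan/2026:10:06:00 +0000] "GET /uploads/media/logo.png HTTP/1.1" 200 1043 "-" "Mozilla/5.0"
"""

LINE_RE = re.compile(r'^(\S+) \S+ \S+ \[([^\]]+)\] "(\S+) (\S+) [^"]*" (\d{3}) ')
RESTORE_ENDPOINT = "/index.php/settings/restore_backup"
RESTORE_DIR = "/uploads/restore_backup/"
SCRIPT_EXTS = (".php", ".phtml", ".phar")  # assumption: extensions the server executes


def scan(log_text):
    """Return findings for backup restores and script requests under the restore dir."""
    findings = []
    restored_by = set()  # client IPs that have already triggered a restore
    for line in log_text.splitlines():
        m = LINE_RE.match(line)
        if not m:
            continue  # skip lines that are not in combined format
        ip, ts, method, target, status = m.groups()
        url = urlsplit(target)
        path = url.path.lower()
        if path.startswith(RESTORE_ENDPOINT) and method == "POST":
            restored_by.add(ip)
            findings.append({"time": ts, "ip": ip, "kind": "backup-restore",
                             "target": target})
        elif path.startswith(RESTORE_DIR) and path.endswith(SCRIPT_EXTS):
            # A script served from the restore directory is suspicious by itself;
            # a successful request carrying 'cmd' matches the web shell pattern.
            has_cmd = "cmd" in parse_qs(url.query, keep_blank_values=True)
            kind = "webshell-command" if has_cmd and status == "200" else "script-in-restore-dir"
            findings.append({"time": ts, "ip": ip, "kind": kind, "target": target,
                             "same_client_restored": ip in restored_by})
    return findings


if __name__ == "__main__":
    for f in scan(SAMPLE_LOG):
        print(f)
```
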
What immediate steps should I take to mitigate this vulnerability?
Immediate mitigation steps include restricting and monitoring authenticated access to the Chikitsa Patient Management System, especially to the backup and restore functionalities. Disable or restrict the ability to upload and restore backups until a patch or fix is applied. Inspect the server for any uploaded 'rce.php' or similar suspicious files in the '/uploads/restore_backup/uploads/media/' directory and remove them. Implement strict access controls and logging to detect unauthorized backup restoration attempts. Consider applying any available updates or patches from the vendor or community to fix this vulnerability. If no patch is available, consider isolating the affected system from the network to prevent exploitation. [1]