CVE-2021-47758
BaseFortify
Publication date: 2026-01-15
Last updated on: 2026-02-03
Assigner: VulnCheck
Description
Description
CVSS Scores
EPSS Scores
| Probability: | |
| Percentile: |
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| sanskruti-technologies | chikitsa | 2.0.2 |
| chikitsa | patient_management_system | 2.0.2 |
Helpful Resources
Exploitability
| CWE ID | Description |
|---|---|
| CWE-434 | The product allows the upload or transfer of dangerous file types that are automatically processed within its environment. |
Attack-Flow Graph
AI Powered Q&A
How can this vulnerability be detected on my network or system? Can you suggest some commands?
This vulnerability can be detected by checking for the presence of the backdoor file at /application/modules/rce.php on the server. You can also monitor HTTP requests for suspicious commands sent via the 'cmd' parameter. For example, on the server, you can run commands like 'ls /application/modules/' to see if rce.php exists. Additionally, monitoring web server logs for requests containing 'cmd=' parameters may help detect exploitation attempts. [3]
What immediate steps should I take to mitigate this vulnerability?
Immediate mitigation steps include disabling or restricting the plugin upload functionality to prevent authenticated users from uploading arbitrary plugins. Ensure strict validation and sanitization of uploaded files. Remove any existing malicious plugins such as /application/modules/rce.php. Apply access controls to limit who can upload and activate plugins. Consider updating or patching the system if a fix is available. [3]
Can you explain this vulnerability to me?
CVE-2021-47758 is an authenticated remote code execution vulnerability in Chikitsa Patient Management System version 2.0.2. An attacker with valid credentials can upload a malicious PHP plugin by packaging a PHP backdoor inside a ZIP archive and uploading it through the module upload functionality. Once the malicious plugin is activated, it deploys a backdoor script on the server that allows the attacker to execute arbitrary system commands remotely via HTTP requests. [3]
How can this vulnerability impact me? :
This vulnerability can allow an authenticated attacker to execute arbitrary commands on the server hosting the Chikitsa Patient Management System. This can lead to full system compromise, unauthorized access to sensitive patient data, disruption of healthcare services, and potential further exploitation of the underlying infrastructure. [3]