CVE-2021-47757
Severity: HIGH
WAF: Medium
CVSS 8.8
Published: 2026-01-15
CWE-434
Chikitsa Patient Management System 2.0.2 contains an authenticated remote code execution vulnerability in the backup restoration functionality. Authenticated attackers can upload a modified backup zip file with a malicious PHP shell to execute arbitrary system commands on the server.
WAF Coverage Analysis
Unrestricted File Upload
Medium WAF Coverage
OWASP: A04:2021 Insecure Design
930xxx - Local File Inclusion
Affected Software
| Vendor | Product | Version |
|---|---|---|
| chikitsa | patient_management_system | 2.0.2 |
References
- github.com (Product)
- sourceforge.net (Product)
- www.chikitsa.io (Product)
- www.exploit-db.com (Exploit, VDB Entry)