exploitDog

CVE-2021-47758

Опубликовано: 15 янв. 2026

Источник: nvd

CVSS3: 8.8

EPSS Низкий

Описание

Chikitsa Patient Management System 2.0.2 contains an authenticated remote code execution vulnerability that allows attackers to upload malicious PHP plugins through the module upload functionality. Authenticated attackers can generate and upload a ZIP plugin with a PHP backdoor that enables arbitrary command execution on the server through a weaponized PHP script.

Ссылки

https://github.com/sanskruti-technologies/chikitsa
Product
https://sourceforge.net/projects/chikitsa/
Product
https://www.chikitsa.io/
Product
https://www.exploit-db.com/exploits/50571
Exploit
VDB Entry

Уязвимые конфигурации

Конфигурация 1

cpe:2.3:a:chikitsa:patient_management_system:2.0.2:*:*:*:*:*:*:*

EPSS

Процентиль: 65%

0.00494

Низкий

8.8 High

CVSS3

Дефекты

CWE-434

Связанные уязвимости

GHSA-wqg6-793x-j3cp

CVSS3: 8.8

github

23 дня назад

Chikitsa Patient Management System 2.0.2 contains an authenticated remote code execution vulnerability that allows attackers to upload malicious PHP plugins through the module upload functionality. Authenticated attackers can generate and upload a ZIP plugin with a PHP backdoor that enables arbitrary command execution on the server through a weaponized PHP script.

EPSS

Процентиль: 65%

0.00494

Низкий

8.8 High

CVSS3

Дефекты

CWE-434