Unrated severityNVD Advisory· Published Jan 15, 2026· Updated Mar 5, 2026

Chikitsa Patient Management System 2.0.2 - Remote Code Execution (RCE) (Authenticated)

CVE-2021-47758

Description

Chikitsa Patient Management System 2.0.2 contains an authenticated remote code execution vulnerability that allows attackers to upload malicious PHP plugins through the module upload functionality. Authenticated attackers can generate and upload a ZIP plugin with a PHP backdoor that enables arbitrary command execution on the server through a weaponized PHP script.

Affected products

Chikitsa/Patient Management Systemllm-create
Range: =2.0.2
dharashah/Chikitsa Patient Management Systemv5
Range: 2.0.2

Patches

No patches discovered yet.

Vulnerability mechanics

AI mechanics synthesis has not run for this CVE yet.

References

www.exploit-db.com/exploits/50571mitreexploit
sourceforge.net/projects/chikitsa/mitreproduct
www.chikitsa.iomitreproduct

News mentions

No linked articles in our index yet.

cvss	0.000
epss	0.001
exploit	0.000
kev	0.000
patch	0.000
ransomware	0.000