Cyber Resilience

CVE-2021-47758

HighPublic PoC

Published: 15 January 2026

Published
15 January 2026
Modified
03 February 2026
KEV Added
Patch
CVSS Score v4 8.7 CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
EPSS Score 0.0084 53.0th percentile
Risk Priority 55 floored blend · peak EPSS

Summary

CVE-2021-47758 is a high-severity Unrestricted Upload of File with Dangerous Type (CWE-434) vulnerability in Chikitsa Patient Management System. Its CVSS base score is 8.7 (High).

Operationally, exploitation aligns with the MITRE ATT&CK technique Exploit Public-Facing Application (T1190); ranked in the top 47.0% of CVEs by exploit likelihood; it is not currently listed in the CISA KEV catalog; a public proof-of-concept is referenced.

The strongest mitigations our analysis identified are NIST 800-53 SI-10 (Information Input Validation) and SI-2 (Flaw Remediation).

Deeper analysis

CVE-2021-47758 is an authenticated remote code execution vulnerability affecting Chikitsa Patient Management System version 2.0.2. The issue stems from the module upload functionality, which permits attackers to upload malicious PHP plugins packaged as ZIP files containing weaponized PHP scripts that function as backdoors.

Authenticated attackers with low privileges can exploit this vulnerability remotely over the network with low attack complexity and no user interaction. Exploitation allows the generation and upload of a ZIP plugin embedding a PHP backdoor, enabling arbitrary command execution on the server and resulting in high impacts to confidentiality, integrity, and availability, as indicated by the CVSS v3.1 base score of 8.8 (AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H) and association with CWE-434 (Unrestricted Upload of File with Dangerous Type).

References point to the project's GitHub repository at https://github.com/sanskruti-technologies/chikitsa, SourceForge page at https://sourceforge.net/projects/chikitsa/, official site at https://www.chikitsa.io/, and an Exploit-DB entry at https://www.exploit-db.com/exploits/50571, but no specific advisories or patch details are detailed in the provided information.

OWASP Top 10 for Web (2025)

EU & UK References

Vulnerability details

Chikitsa Patient Management System 2.0.2 contains an authenticated remote code execution vulnerability that allows attackers to upload malicious PHP plugins through the module upload functionality. Authenticated attackers can generate and upload a ZIP plugin with a PHP backdoor that enables…

more

arbitrary command execution on the server through a weaponized PHP script.

CWE(s)

Related Threats

MITRE ATT&CK Enterprise TechniquesAI

T1190 Exploit Public-Facing Application Initial Access
Adversaries may attempt to exploit a weakness in an Internet-facing host or system to initially access a network.
T1505.003 Web Shell Persistence
Adversaries may backdoor web servers with web shells to establish persistent access to systems.
Why these techniques?

The vulnerability allows authenticated attackers to upload ZIP files containing malicious PHP backdoors (web shells) to a public-facing web application, enabling remote code execution (T1190: Exploit Public-Facing Application, T1505.003: Web Shell).

Confidence: HIGH · MITRE ATT&CK Enterprise v19.0

CVEs Like This One

CVE-2021-47757Same product: Chikitsa Patient Management System
CVE-2025-22654Shared CWE-434
CVE-2025-11948Shared CWE-434
CVE-2025-67260Shared CWE-434
CVE-2025-28915Shared CWE-434
CVE-2023-53956Shared CWE-434
CVE-2025-6058Shared CWE-434
CVE-2021-47819Shared CWE-434
CVE-2025-7852Shared CWE-434
CVE-2026-4883Shared CWE-434

Affected Assets

chikitsa
patient management system
2.0.2

Mitigating Controls

Mitigating Controls (NIST 800-53 r5) AI

prevent

Validates uploaded ZIP files and their contents to block malicious PHP backdoors, directly addressing the unrestricted upload of dangerous file types leading to RCE.

prevent

Identifies, prioritizes, and remediates the specific flaw in the module upload functionality, preventing exploitation of this CVE through timely patching.

preventdetect

Deploys malicious code protection at the upload entry point to scan and eradicate PHP backdoors in ZIP plugins before execution.

References