PT-2026-3034 · Unknown · Chikitsa Patient Management System

0Z09E · Published 2026-01-15 · Updated 2026-01-20 · CVE-2021-47758

CVSS v3.1: 8.8 (High)
Vector: AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions
Chikitsa Patient Management System version 2.0.2

Description
The software contains an authenticated remote code execution issue in its module upload functionality, which accepts malicious PHP plugins. An authenticated attacker can create and upload a ZIP plugin containing a PHP backdoor, enabling arbitrary command execution on the server via a weaponized PHP script.

Recommendations
Update to a newer version that contains a fix for this vulnerability. As a temporary workaround, restrict access to the module upload functionality.

Exploit

Fix

RCE

Unrestricted File Upload

Weakness Enumeration

Related identifiers

CVE-2021-47758

Affected products

Chikitsa Patient Management System