CVE-2021-47757

8.8 HIGH

📋 TL;DR

CVE-2021-47757 is an authenticated remote code execution vulnerability in Chikitsa Patient Management System 2.0.2. Authenticated attackers can upload malicious backup files containing PHP shells to execute arbitrary commands on the server. This affects all installations running the vulnerable version of Chikitsa.

💻 Affected Systems

Products:
  • Chikitsa Patient Management System
Versions: 2.0.2
Operating Systems: All
Default Config Vulnerable: ⚠️ Yes
Notes: Requires authenticated user access to the backup restoration functionality.

⚠️ Risk & Real-World Impact

🔴 Worst Case

Complete system compromise allowing attackers to steal sensitive patient data, install persistent backdoors, pivot to other systems, or deploy ransomware.

🟠 Likely Case

Data exfiltration of patient records and healthcare information, installation of cryptocurrency miners, or defacement of the system.

🟢 If Mitigated

Limited impact if proper file upload restrictions and authentication controls are in place, though an authenticated user could still exploit the flaw.

🌐 Internet-Facing: HIGH
🏢 Internal Only: MEDIUM

🎯 Exploit Status

Public PoC: ⚠️ Yes
Weaponized: CONFIRMED
Unauthenticated Exploit: ✅ No
Complexity: LOW

Exploit code is publicly available on Exploit-DB (ID 50572). Attack requires authenticated user credentials.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: 2.0.3 or later

Vendor Advisory: https://www.chikitsa.io/

Restart Required: No

Instructions:

1. Back up your current installation and database.
2. Download the latest version from the official website.
3. Replace the vulnerable files with the patched version.
4. Verify that the backup restoration functionality validates file types properly.
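Step 4 asks you to confirm that the restore handler validates what it is given. The following Python is an added illustration of the checks a hardened restore handler should perform before it touches an uploaded backup; it is not Chikitsa code (the application itself is PHP) and it assumes a backup is either a plain .sql dump or a ZIP archive of .sql dumps, which may differ from the real format. It refuses executable extensions anywhere in a name (including double extensions), wrong magic bytes, archive members that escape the target directory, executable or unexpected members, and PHP open tags inside dumps. The limits, the sample files and the make_zip helper are constructed for the demonstration.

```python
"""Added example (not Chikitsa code): checks a patched restore handler should apply
to an uploaded backup before using it. Assumed backup format: a plain .sql dump or a
ZIP archive of .sql dumps; adjust ALLOWED_EXT and the member rules if the real format
differs."""
import io
import re
import zipfile

ALLOWED_EXT = {".zip", ".sql"}
# Anything the web server could execute if it were written to disk, including
# double extensions such as dump.php.sql.
EXECUTABLE_EXT = re.compile(r"\.(php\d?|phtml|phar|htaccess)(\.|$)", re.IGNORECASE)
PHP_OPEN_TAG = re.compile(rb"<\?(php|=)", re.IGNORECASE)
MAX_MEMBERS = 1000                      # assumed limits; tune to real backup sizes
MAX_MEMBER_BYTES = 200 * 1024 * 1024


def _ext(name):
    return "." + name.rsplit(".", 1)[-1].lower() if "." in name else ""


def reject_reason(filename, data):
    """Return None if the upload looks like a legitimate backup, else why it was refused."""
    name = re.split(r"[\\/]", filename)[-1]          # ignore any client-supplied path
    if EXECUTABLE_EXT.search(name):
        return f"executable extension in name: {name}"
    ext = _ext(name)
    if ext not in ALLOWED_EXT:
        return f"extension {ext or '(none)'} not allowed"
    if ext == ".sql":
        # Conservative: a dump carrying a PHP open tag is refused outright.
        if PHP_OPEN_TAG.search(data):
            return "PHP open tag inside SQL dump"
        return None
    if not data.startswith(b"PK\x03\x04"):            # ZIP local-file-header magic
        return "not a ZIP archive (bad magic)"
    try:
        archive = zipfile.ZipFile(io.BytesIO(data))
    except zipfile.BadZipFile:
        return "corrupt ZIP archive"
    with archive:
        infos = archive.infolist()
        if len(infos) > MAX_MEMBERS:
            return "too many members"
        for info in infos:
            member = info.filename
            parts = re.split(r"[\\/]", member)
            if member.startswith(("/", "\\")) or ".." in parts:   # zip-slip
                return f"path traversal in member: {member}"
            if info.is_dir():
                continue
            if EXECUTABLE_EXT.search(parts[-1]):
                return f"executable member: {member}"
            if _ext(parts[-1]) != ".sql":
                return f"unexpected member type: {member}"
            if info.file_size > MAX_MEMBER_BYTES:
                return f"member too large: {member}"
            with archive.open(info) as fh:
                if PHP_OPEN_TAG.search(fh.read(MAX_MEMBER_BYTES)):
                    return f"PHP open tag inside member: {member}"
    return None


def make_zip(members):
    """Build an in-memory ZIP from {name: bytes}; only used to construct samples."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as archive:
        for name, content in members.items():
            archive.writestr(name, content)
    return buf.getvalue()


if __name__ == "__main__":
    # Constructed samples, not real backups.
    samples = {
        "backup.sql": b"CREATE TABLE patients (id INT);",
        "backup.zip": make_zip({"dump.sql": b"INSERT INTO visits VALUES (1);"}),
        "notes.php.zip": make_zip({"dump.sql": b"SELECT 1;"}),
        "bad.zip": make_zip({"s.php": b"<?php echo 1;"}),
    }
    for filename, data in samples.items():
        print(filename, "->", reject_reason(filename, data) or "accepted")
```

The order of the checks matters: the name is judged before the bytes, the magic before the parser, and every member is inspected before anything is written, so a rejected upload never reaches disk. Whatever format the real application uses, the same shape applies: an allowlist of what a backup may be, not a denylist of what it must not be.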

🔧 Temporary Workarounds

Disable Backup Restoration

Platform: all

Temporarily disable the backup restoration functionality in the application.

# Modify application configuration to disable backup uploads
# Remove or restrict access to backup restoration pages

Implement File Upload Restrictions

Platform: linux

Configure the web server so that PHP files under the backup upload path cannot be requested, and therefore cannot be executed, which neutralises an uploaded shell even if the upload itself succeeds.

# For Apache: add to .htaccess or the virtual host config (mod_rewrite must be enabled).
# Denies any request whose URI starts with /backup/upload and whose mapped filename
# ends in .php, so a PHP file written under that path cannot be executed. Only the
# request URI is inspected; the name of an uploaded file travels in the POST body
# and is not checked by this rule.
RewriteEngine On
RewriteCond %{REQUEST_URI} ^/backup/upload
RewriteCond %{REQUEST_FILENAME} \.php$
RewriteRule .* - [F,L]

🧯 If You Can't Patch

  • Implement strict access controls to limit backup functionality to trusted administrators only.
  • Deploy a web application firewall (WAF) with rules to detect and block malicious file uploads.

🔍 How to Verify

Check if Vulnerable:

Check if running Chikitsa version 2.0.2 and test if backup restoration accepts PHP files.

Check Version:

Check the application's admin panel or version.txt file in the installation directory.

Verify Fix Applied:

Verify version is 2.0.3 or later and test that backup restoration rejects PHP files.

📡 Detection & Monitoring

Log Indicators:

  • Unusual file uploads to backup directories
  • PHP file execution from backup locations
  • Multiple failed login attempts followed by backup uploads

Network Indicators:

  • HTTP POST requests to backup upload endpoints with PHP file extensions
  • Outbound connections from the server to unknown IPs after backup operations

SIEM Query:

source="web_server" AND (uri="/backup/upload" OR uri="/backup/restore") AND (file_extension="php" OR file_extension="phtml")
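The SIEM query above assumes a file_extension field, which a plain web-server access log does not carry: the uploaded file's name travels in the multipart body, not in the URI, so only application logs or a WAF with body inspection can see it. As an added example that is not part of the original advisory, this Python applies the log and network indicators listed above to access log lines in Apache/nginx "combined" format. The two endpoints come from the SIEM query; the login path, the backup storage directories, the failure status codes, the failed-login threshold and the sample log lines are assumptions constructed for the demonstration.

```python
"""Added example (not part of the advisory): apply the log and network indicators
above to web-server access log lines in Apache/nginx "combined" format."""
import re
from collections import defaultdict

LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<path>\S+) [^"]*" (?P<status>\d{3}) \S+'
)
# Endpoints taken from the SIEM query above; everything else is an assumption to tune.
BACKUP_ENDPOINTS = ("/backup/upload", "/backup/restore")
BACKUP_DIRS = ("/backup/files/", "/uploads/backup/")   # assumed storage locations
LOGIN_PATH = "/login"                                 # assumed
LOGIN_FAILURE_STATUSES = (401, 403)                   # assumed; many apps answer 200 or 302
FAILED_LOGIN_THRESHOLD = 3
EXEC_EXT = re.compile(r"\.(php\d?|phtml|phar)(?=$|[?/])", re.IGNORECASE)


def parse(line):
    """Return the fields of one combined-format line, or None if it does not match."""
    m = LOG_RE.match(line)
    return m.groupdict() if m else None


def analyze(lines):
    """Return (rule, client_ip, path) alerts, in log order."""
    alerts = []
    failed_logins = defaultdict(int)       # per client IP, no time window (assumption)
    for rec in filter(None, map(parse, lines)):
        ip, method, path = rec["ip"], rec["method"], rec["path"]
        status = int(rec["status"])
        route = path.split("?", 1)[0]
        if method == "POST" and route == LOGIN_PATH:
            if status in LOGIN_FAILURE_STATUSES:
                failed_logins[ip] += 1
            continue
        if method == "POST" and route.startswith(BACKUP_ENDPOINTS):
            # Network indicator: upload request naming a PHP extension in the URI.
            if EXEC_EXT.search(path):
                alerts.append(("php_extension_in_backup_upload", ip, path))
            # Log indicator: backup upload preceded by repeated failed logins.
            if failed_logins[ip] >= FAILED_LOGIN_THRESHOLD:
                alerts.append(("backup_upload_after_failed_logins", ip, path))
            continue
        # Log indicator: a PHP file under a backup directory was served, i.e. executed.
        if route.startswith(BACKUP_DIRS) and EXEC_EXT.search(route) and status < 400:
            alerts.append(("php_executed_from_backup_dir", ip, route))
    return alerts


# Constructed sample lines, not real traffic.
SAMPLE_LOG = """\
10.0.0.5 - - [01/Jan/2024:10:00:00 +0000] "POST /backup/upload HTTP/1.1" 200 512
10.0.0.5 - - [01/Jan/2024:10:00:05 +0000] "GET /backup/files/shell.php HTTP/1.1" 200 128
10.0.0.9 - - [01/Jan/2024:10:01:00 +0000] "POST /login HTTP/1.1" 401 0
10.0.0.9 - - [01/Jan/2024:10:01:02 +0000] "POST /login HTTP/1.1" 401 0
10.0.0.9 - - [01/Jan/2024:10:01:04 +0000] "POST /login HTTP/1.1" 401 0
10.0.0.9 - - [01/Jan/2024:10:01:10 +0000] "POST /login HTTP/1.1" 302 0
10.0.0.9 - - [01/Jan/2024:10:01:30 +0000] "POST /backup/restore?file=dump.phtml HTTP/1.1" 200 40
10.0.0.7 - - [01/Jan/2024:10:02:00 +0000] "GET /index.php HTTP/1.1" 200 2048
""".splitlines()

if __name__ == "__main__":
    for rule, ip, path in analyze(SAMPLE_LOG):
        print(f"{rule:36} {ip:10} {path}")
```

The first POST to /backup/upload on its own produces nothing; what fires is the PHP file later served from the backup directory, and the restore request from a client that had just failed three logins. Note the third rule only sees a shell once it is requested, so it is a signal that exploitation already happened; pair it with the outbound-connection indicator above to catch the follow-on activity.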
