Chikitsa Patient Management System Remote Code Execution Vulnerability

A remote code execution vulnerability has been identified in Chikitsa Patient Management System version 2.0.2. This vulnerability exists in the backup restoration feature, where authenticated attackers can upload a modified backup zip file containing a malicious PHP shell. Once uploaded, the shell can be used to execute arbitrary commands on the server.

Impact

Exploitation of this vulnerability allows for authenticated remote code execution on the server where Chikitsa Patient Management System 2.0.2 is installed.

Reproduction

To reproduce this vulnerability, an authenticated user must log into the Chikitsa Patient Management System 2.0.2. After logging in, the user can download a backup of the application. Once the backup is downloaded, it can be modified by injecting a PHP backdoor into the backup file. This modified backup can then be uploaded through the application's backup restoration feature. After the upload, the backdoor can be accessed via a specific URL, allowing the execution of commands on the server.