Chikitsa Patient Management System Remote Code Execution Vulnerability

Vulnerability

A remote code execution vulnerability has been identified in Chikitsa Patient Management System version 2.0.2. This vulnerability allows authenticated attackers to upload malicious PHP plugins through the module upload feature. Once uploaded, these plugins can be activated to execute arbitrary commands on the server via a PHP backdoor.

Impact

Exploitation of this vulnerability allows for authenticated remote code execution on the server where Chikitsa Patient Management System is installed.

Reproduction

To reproduce this vulnerability, log into the Chikitsa Patient Management System as an authenticated user. Navigate to the module upload section and upload a ZIP file containing a PHP backdoor. After uploading, activate the module, which will deploy the backdoor on the server. The backdoor can then be accessed to execute commands on the server.
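A pre-extraction check that a module upload path could apply, shown as an added Python example rather than Chikitsa's own code. It assumes the operator keeps an allowlist of SHA-256 digests for vetted module archives; the function names, extension list and sample archives are constructed for illustration.

```python
import hashlib
import io
import zipfile
from pathlib import PurePosixPath

# Assumption: extensions the server's PHP handler may execute; adjust to
# the real handler mapping of the deployment.
EXECUTABLE_EXTS = {".php", ".phtml", ".phar", ".php5", ".php7", ".inc"}


def triage_module_archive(data: bytes, approved_sha256: set) -> dict:
    """Inspect an uploaded module ZIP in memory, without extracting it."""
    digest = hashlib.sha256(data).hexdigest()
    report = {"sha256": digest, "approved": digest in approved_sha256,
              "executable": [], "unsafe_paths": []}
    with zipfile.ZipFile(io.BytesIO(data)) as zf:
        for info in zf.infolist():
            path = PurePosixPath(info.filename.replace("\\", "/"))
            # Entries that would be written outside the module directory.
            if path.is_absolute() or ".." in path.parts:
                report["unsafe_paths"].append(info.filename)
            # Check every suffix so names like "x.php.txt" are also listed.
            if any(s.lower() in EXECUTABLE_EXTS for s in path.suffixes):
                report["executable"].append(info.filename)
    # Modules contain PHP by design, so the gate is the digest allowlist;
    # the executable list is recorded for the audit log.
    report["allow"] = report["approved"] and not report["unsafe_paths"]
    return report


def build_constructed_zip(entries: dict) -> bytes:
    """Build a sample archive in memory (constructed test data)."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        for name, body in entries.items():
            zf.writestr(name, body)
    return buf.getvalue()


# Constructed samples: a vetted module, an unknown one, a traversal entry.
VETTED = build_constructed_zip({"reports/controllers/reports.php": "<?php // vetted"})
UNKNOWN = build_constructed_zip({"helper/helper.php": "<?php // placeholder"})
TRAVERSAL = build_constructed_zip({"../outside.php": "<?php // placeholder"})
APPROVED = {hashlib.sha256(VETTED).hexdigest()}

if __name__ == "__main__":
    for label, blob in (("vetted", VETTED), ("unknown", UNKNOWN), ("traversal", TRAVERSAL)):
        print(label, triage_module_archive(blob, APPROVED))
```

Rejecting on `allow` before extraction, and logging `executable` for every attempt, gives both a block and an audit trail for module uploads.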

Added: Jan 15, 2026, 4:43 PM
Updated: Jan 15, 2026, 4:43 PM

Vulnerability Rating

Custom Algorithm
spread: 1.9
impact: 10.0
exploitability: 6.6
remediation: 0.0
relevance: 2.1
threat: 6.4
urgency: 2.9
incentive: 0.0

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.