Vulnerabilities

CVE-2021-47758

High ⚡ Exploit Available
Weakness Type: CWE-434 (Unrestricted Upload of File with Dangerous Type)
Published: Jan 15, 2026  ·  Modified: Feb 28, 2026  ·  Source: NVD
CVSS v3
8.8
📄 Description (English)

Chikitsa Patient Management System 2.0.2 contains an authenticated remote code execution vulnerability that allows attackers to upload malicious PHP plugins through the module upload functionality. Authenticated attackers can generate and upload a ZIP plugin with a PHP backdoor that enables arbitrary command execution on the server through a weaponized PHP script.
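The root cause is CWE-434: the module uploader accepts an archive and extracts whatever it contains, so a ZIP carrying a PHP file becomes server-side code. The following Python is an added example, not Chikitsa code, showing the checks a hardened plugin-upload handler would run on the archive before extracting anything: reject path traversal (Zip Slip) and symlink entries, reject server-side script extensions including double extensions such as shell.php.png, reject files whose bytes contain a PHP open tag regardless of extension, and cap entry count and uncompressed size. The allowed file types and limits are assumptions for the example; both archives are constructed in memory.

```python
"""Added example, not code from Chikitsa PMS: pre-extraction checks for a plugin ZIP.

Assumptions (not stated by the advisory): a legitimate plugin ships a manifest plus
static assets only; anything the PHP engine could execute is rejected. The archives
in build_sample_plugins() are constructed test data.
"""
import io
import posixpath
import zipfile

# Suffixes a plugin archive may carry (assumption for the example).
ALLOWED_SUFFIXES = {".json", ".css", ".js", ".html", ".png", ".svg", ".txt"}
# Suffixes a PHP handler or a lax server config may execute, legacy ones included.
EXECUTABLE_SUFFIXES = {".php", ".phtml", ".php3", ".php4", ".php5", ".php7",
                       ".phps", ".phar", ".inc"}
MAX_ENTRIES = 200
MAX_UNCOMPRESSED = 5 * 1024 * 1024  # guard against zip bombs
S_IFMT, S_IFLNK = 0o170000, 0o120000


def validate_plugin_zip(data: bytes) -> list:
    """Return a list of findings; an empty list means the archive passed every check."""
    findings = []
    try:
        zf = zipfile.ZipFile(io.BytesIO(data))
    except zipfile.BadZipFile:
        return ["not a valid ZIP archive"]

    infos = zf.infolist()
    if len(infos) > MAX_ENTRIES:
        findings.append(f"too many entries ({len(infos)} > {MAX_ENTRIES})")

    total = 0
    for info in infos:
        name = info.filename
        norm = posixpath.normpath(name)
        # Zip Slip: an absolute path or a '..' segment escapes the plugin directory.
        if name.startswith("/") or "\\" in name or norm == ".." or norm.startswith("../"):
            findings.append(f"path traversal or absolute path: {name!r}")
        # The upper 16 bits of external_attr carry the Unix mode; a symlink entry
        # can point the extracted tree at files outside the plugin directory.
        if (info.external_attr >> 16) & S_IFMT == S_IFLNK:
            findings.append(f"symlink entry: {name!r}")
        if info.is_dir():
            continue
        total += info.file_size
        base = posixpath.basename(norm).lower()
        # Check every suffix so shell.php.png is caught, not just the last one.
        if any("." + part in EXECUTABLE_SUFFIXES for part in base.split(".")[1:]):
            findings.append(f"executable server-side script: {name!r}")
        elif posixpath.splitext(base)[1] not in ALLOWED_SUFFIXES:
            findings.append(f"disallowed file type: {name!r}")
        # Extension checks are not enough: a .png whose bytes contain <?php is
        # still a backdoor if a misconfigured server ever hands it to PHP.
        with zf.open(info) as fh:
            head = fh.read(64)
        if b"<?php" in head or b"<?=" in head:
            findings.append(f"PHP open tag inside {name!r}")

    if total > MAX_UNCOMPRESSED:
        findings.append(f"uncompressed size {total} exceeds {MAX_UNCOMPRESSED}")
    return findings


def build_sample_plugins() -> dict:
    """Constructed test archives: one benign plugin, one carrying backdoors."""
    def make(entries):
        buf = io.BytesIO()
        with zipfile.ZipFile(buf, "w", zipfile.ZIP_DEFLATED) as zf:
            for name, content in entries:
                zf.writestr(name, content)
        return buf.getvalue()

    benign = make([
        ("myplugin/manifest.json", b'{"name": "myplugin"}'),
        ("myplugin/assets/style.css", b"body { margin: 0 }"),
    ])
    backdoor = make([
        ("myplugin/manifest.json", b'{"name": "myplugin"}'),
        ("myplugin/shell.php", b"<?php system($_GET['cmd']); ?>"),
        ("../../index.php", b"<?php echo 1; ?>"),
        ("myplugin/logo.png", b"<?php eval($_POST['x']); ?>"),
    ])
    return {"benign": benign, "backdoor": backdoor}


if __name__ == "__main__":
    for label, blob in build_sample_plugins().items():
        print(label, validate_plugin_zip(blob) or "OK")
```

The validator inspects the central directory and the first bytes of each entry without writing anything to disk; extraction only happens after it returns an empty list. Even with these checks in place, the upload directory should still be served as static content so that a file which slips through cannot be executed.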

🤖 AI Executive Summary

CVE-2021-47758 is a high-severity (CVSS 8.8) authenticated remote code execution vulnerability in Chikitsa Patient Management System 2.0.2: an attacker holding a valid application account can upload a malicious PHP plugin through the module upload feature and run arbitrary commands on the server that holds patient records. A public exploit is available, so this is an immediate risk for healthcare organisations running the affected version. Because only a low-privilege account is needed (PR:L in the CVSS vector), the realistic attack paths are stolen or phished staff credentials and malicious insiders.


🤖 AI Intelligence Analysis Analyzed: Apr 22, 2026 01:58
🇸🇦 Saudi Arabia Impact Assessment
Healthcare organisations in Saudi Arabia running Chikitsa PMS 2.0.2 face a critical risk to the confidentiality, integrity and availability of patient data. Ministry of Health facilities, private hospitals and clinics holding sensitive health records are the most exposed. A compromised server gives the attacker access to medical histories, prescription data and personal identifiers, which would breach the Saudi Personal Data Protection Law (PDPL) and sector health-data protection requirements, and could disrupt patient management workflows.
🏢 Affected Saudi Sectors
Healthcare Government Health Services Private Hospitals and Clinics Medical Research Institutions Pharmaceutical Distribution
⚖️ Saudi Risk Score (AI)
8.9
/ 10.0
🔧 Remediation Steps (English)
IMMEDIATE ACTIONS:
1. Identify all instances of Chikitsa PMS 2.0.2 in your healthcare environment
2. Restrict access to the module upload functionality to trusted administrators only
3. Review authentication logs for suspicious plugin uploads or failed authentication attempts
4. Isolate affected systems from production networks if exploitation is suspected

PATCHING:
1. Upgrade Chikitsa PMS to version 2.0.3 or later immediately
2. Verify patch application by checking version in system settings
3. Test functionality in staging environment before production deployment

COMPENSATING CONTROLS (if immediate patching not possible):
1. Disable plugin upload functionality at the application level
2. Implement Web Application Firewall (WAF) rules to block suspicious ZIP uploads to plugin endpoints
3. Make the plugin and upload directories non-writable by the web server account where the application allows it, and configure the web server so files under upload directories are served as static content and never executed as PHP
4. Monitor /uploads and plugin directories for unauthorized PHP files

DETECTION:
1. Search plugin directories for PHP files whose modification time falls inside the suspected compromise window
2. Monitor for POST requests to the plugin upload endpoint carrying ZIP or multipart bodies, and correlate them with subsequent requests for new .php files under plugin directories from the same client
3. Alert on execution of PHP files in upload directories
4. Review web server logs for suspicious plugin activation patterns
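The two detection steps that matter most here are the log correlation (an upload followed shortly by a request for a PHP file under the plugin path from the same client) and the file-system sweep for recently modified PHP that calls command-execution or eval functions. The following Python is an added example, not part of the advisory or the vendor's tooling, that implements both over constructed input. The upload route (/module/upload or /plugin/upload), the combined log format and the plugin directory names (/modules, /plugins, /uploads) are assumptions to adjust to the real deployment.

```python
"""Added example, not from the advisory or the vendor: two detection checks for the
upload-then-execute pattern.

Assumptions (adjust to the real deployment): the upload route contains
'/module/upload' or '/plugin/upload', the access log is in Apache/nginx combined
format, and plugin code lives under /modules, /plugins or /uploads. The log lines
and files below are constructed for the example.
"""
import os
import re
import tempfile
from datetime import datetime

UPLOAD_ENDPOINT = re.compile(r"/(?:module|plugin)s?/upload", re.I)
PLUGIN_PHP = re.compile(r"/(?:modules|plugins|uploads)/[^?\s]+\.php\d?(?:\?|$)", re.I)
RISKY_CALLS = re.compile(
    rb"\b(system|exec|shell_exec|passthru|popen|proc_open|eval|assert)\s*\(", re.I)
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ (?P<user>\S+) \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<path>\S+) [^"]*" (?P<status>\d{3}) \S+'
)

SAMPLE_LOG = [  # constructed log lines
    '10.0.0.5 - admin [20/Jan/2026:10:00:01 +0300] "POST /module/upload HTTP/1.1" 302 0 "-" "Mozilla/5.0"',
    '10.0.0.5 - - [20/Jan/2026:10:00:09 +0300] "GET /modules/evil/shell.php?cmd=id HTTP/1.1" 200 87 "-" "curl/8.0"',
    '10.0.0.7 - nurse [20/Jan/2026:10:05:00 +0300] "GET /patients/list HTTP/1.1" 200 5120 "-" "Mozilla/5.0"',
    '10.0.0.9 - - [20/Jan/2026:11:30:00 +0300] "GET /modules/reports/index.php HTTP/1.1" 200 2048 "-" "Mozilla/5.0"',
]


def find_upload_then_execute(log_lines, window_seconds=3600):
    """Correlate a POST to the upload route with a later request for a PHP file under a
    plugin path from the same client IP. Returns (ip, upload_path, php_path) tuples."""
    uploads = {}  # ip -> [(time, path)]
    hits = []
    for line in log_lines:
        m = LOG_RE.match(line)
        if not m:
            continue
        ts = datetime.strptime(m["ts"], "%d/%b/%Y:%H:%M:%S %z")
        ip, path = m["ip"], m["path"]
        if m["method"] == "POST" and UPLOAD_ENDPOINT.search(path):
            uploads.setdefault(ip, []).append((ts, path))
        elif PLUGIN_PHP.search(path):
            # A PHP file under a plugin path is normal traffic; it becomes suspicious
            # only when the same client uploaded a module shortly before.
            for t0, upload_path in uploads.get(ip, []):
                if 0 <= (ts - t0).total_seconds() <= window_seconds:
                    hits.append((ip, upload_path, path))
                    break
    return hits


def scan_plugin_dir(root, since_epoch):
    """List PHP files under root modified at or after since_epoch that call a command
    execution or code evaluation function. Returns (relative_path, function) tuples."""
    findings = []
    for dirpath, _dirs, files in os.walk(root):
        for fn in files:
            if not fn.lower().endswith((".php", ".phtml", ".phar")):
                continue
            full = os.path.join(dirpath, fn)
            if os.path.getmtime(full) < since_epoch:
                continue
            with open(full, "rb") as fh:
                m = RISKY_CALLS.search(fh.read())
            if m:
                findings.append((os.path.relpath(full, root).replace(os.sep, "/"),
                                 m.group(1).decode().lower()))
    return findings


def make_sample_plugin_dir():
    """Constructed plugin tree: one legitimate module and one dropped web shell."""
    root = tempfile.mkdtemp(prefix="plugins_")
    os.makedirs(os.path.join(root, "reports"))
    os.makedirs(os.path.join(root, "evil"))
    with open(os.path.join(root, "reports", "index.php"), "wb") as fh:
        fh.write(b"<?php echo 'report'; ?>")
    with open(os.path.join(root, "evil", "shell.php"), "wb") as fh:
        fh.write(b"<?php system($_GET['cmd']); ?>")
    return root


if __name__ == "__main__":
    print(find_upload_then_execute(SAMPLE_LOG))
    print(scan_plugin_dir(make_sample_plugin_dir(), since_epoch=0))
```

Run against real logs, the correlation window should match how quickly the application makes an uploaded module reachable; legitimate plugin PHP is only flagged when it follows an upload from the same address, which keeps noise low. The file sweep is a triage aid, not proof of compromise: obfuscated shells (base64, string concatenation) will not match the function-name regex, so a hit on the log correlation should trigger a full review of the directory, not just of files the sweep lists.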
📋 Regulatory Compliance Mapping
🟢 NCA ECC 2024
ECC 2024 (cited here by ISO 27001:2013 Annex A control number): A.12.6.1 Management of technical vulnerabilities; A.14.2.1 Secure development policy; A.12.2.1 Controls against malware; A.12.4.1 Event logging
🔵 SAMA CSF
ID.BE-5 - Organizational resilience PR.DS-6 - Integrity checking mechanisms PR.IP-1 - Security patch management DE.CM-1 - The network is monitored for unauthorized connections
🟡 ISO 27001:2022
A.8.8 - Management of technical vulnerabilities; A.8.25 - Secure development life cycle; A.8.15 - Logging; A.8.32 - Change management
🟣 PCI DSS v4.0.1
Requirement 6.3.3 - Known vulnerabilities addressed by installing applicable security patches; Requirement 6.2.4 - Software engineering techniques that prevent common attacks, including injection; Requirement 11.3 - Internal and external vulnerabilities regularly identified, prioritised and addressed (applicable only where the PMS is in scope for cardholder data, e.g. patient billing)
📦 Affected Products / CPE (1 entry)
chikitsa:patient_management_system:2.0.2
📊 CVSS Score
8.8
/ 10.0 — High
📊 CVSS Vector
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Attack Vector: N (Network)
Attack Complexity: L (Low)
Privileges Required: L (Low)
User Interaction: N (None)
Scope: U (Unchanged)
Confidentiality: H (High)
Integrity: H (High)
Availability: H (High)
📋 Quick Facts
Severity: High
CVSS Score: 8.8
CWE: CWE-434
EPSS: 0.57%
Exploit available: Yes
Patch available: Yes
Published: 2026-01-15
Source feed: NVD
🇸🇦 Saudi Risk Score (AI): 8.9 / 10.0, Priority: CRITICAL
🏷️ Tags
exploit-available CWE-434