{
  "variant_summary": "chunked PUT, WebDAV MOVE, and .shtm extension as alternate triggers for CivetWeb SSI #exec RCE",
  "vulnerable": {
    "chunked_put_shtml": 1,
    "webdav_move_shtml": 1,
    "put_shtm": 1
  },
  "fixed": {
    "chunked_put_shtml": 0,
    "webdav_move_shtml": 0,
    "put_shtm": 0
  },
  "variant_reproduced_on_vulnerable": true,
  "bypass_on_fixed": false,
  "runtime_stack": [
    "civetweb"
  ],
  "proof_artifacts": [
    "logs/vuln_variant.log",
    "vuln_variant/artifacts/vulnerable-chunked/get_body.txt",
    "vuln_variant/artifacts/vulnerable-chunked/get_headers.txt",
    "vuln_variant/artifacts/vulnerable-webdav/get_body.txt",
    "vuln_variant/artifacts/vulnerable-webdav/get_headers.txt",
    "vuln_variant/artifacts/vulnerable-shtm/get_body.txt",
    "vuln_variant/artifacts/vulnerable-shtm/get_headers.txt",
    "vuln_variant/artifacts/fixed-chunked/get_body.txt",
    "vuln_variant/artifacts/fixed-chunked/get_headers.txt",
    "vuln_variant/artifacts/fixed-webdav/get_body.txt",
    "vuln_variant/artifacts/fixed-webdav/get_headers.txt",
    "vuln_variant/artifacts/fixed-shtm/get_body.txt",
    "vuln_variant/artifacts/fixed-shtm/get_headers.txt"
  ]
}
