{
  "entrypoint_kind": "api_remote",
  "entrypoint_detail": "Unauthenticated HTTP POST to com_pagebuilderck browse.ajaxAddPicture endpoint",
  "service_started": true,
  "healthcheck_passed": true,
  "target_path_reached": true,
  "runtime_stack": [
    "joomla-5.2",
    "php-8.2",
    "apache-2.4",
    "mariadb-10.11",
    "pagebuilderck-3.6.1-fix-reverted"
  ],
  "proof_artifacts": [
    "logs/evidence.log",
    "logs/upload_vulnerable_response.txt",
    "logs/rce_vulnerable_output.txt",
    "logs/upload_fixed_response.txt",
    "logs/exploit_shell.php"
  ],
  "notes": "CVE-2026-56290: Unauthenticated file upload to RCE. RCE confirmed: YES"
}