{
  "entrypoint_kind": "api_remote",
  "entrypoint_detail": "Unauthenticated HTTP GET to WordPress REST endpoint /?rest_route=/premmerce/wishlist/add/popup with crafted premmerce_wishlist cookie (sent from a separate Docker-network client container to the WordPress service by container name).",
  "service_started": true,
  "healthcheck_passed": true,
  "target_path_reached": true,
  "runtime_stack": [
    "mariadb:11.4",
    "wordpress:6.7.2-php8.2-apache",
    "woocommerce 8.9.3",
    "premmerce-woocommerce-wishlist"
  ],
  "proof_artifacts": [
    "repro/artifacts/fixed_sleep_1.body",
    "repro/artifacts/fixed_sleep_2.body",
    "repro/artifacts/fixed_union_1.body",
    "repro/artifacts/fixed_union_2.body",
    "repro/artifacts/vuln_sleep_1.body",
    "repro/artifacts/vuln_sleep_2.body",
    "repro/artifacts/vuln_union_1.body",
    "repro/artifacts/vuln_union_2.body"
  ],
  "vulnerable_sleep_seconds": [
    5.197395,
    6.098308
  ],
  "vulnerable_union_leak_counts": [
    1,
    1
  ],
  "fixed_sleep_seconds": [
    0.121983,
    0.076013
  ],
  "fixed_union_leak_counts": [
    0,
    0
  ],
  "confirmation_status": "confirmed",
  "notes": "Unauthenticated SQL injection confirmed on Premmerce Wishlist 1.1.11 via premmerce_wishlist cookie; fixed in 1.1.12."
}