{"entrypoint_kind": "api_remote", "entrypoint_detail": "Pagekit CMS 1.0.18 \u2014 variant: saveAction escalation to system: software updates, then UpdateController self-updater ZIP overwrite for RCE", "service_started": true, "healthcheck_passed": true, "target_path_reached": true, "runtime_stack": ["docker", "php:7.4-apache", "pagekit-cms-1.0.18", "sqlite"], "proof_artifacts": ["logs/vuln_variant/reproduction_steps.log", "logs/vuln_variant/exploit_evidence.txt", "logs/vuln_variant/rce_id_output.txt", "logs/vuln_variant/rce_whoami_output.txt", "logs/vuln_variant/fixed_version.txt"], "notes": "Editor(id=2) self-assigned Updater role(id=4, system: software updates) via saveAction (only blocks id=3). Variant sink: UpdateController download+update -> SelfUpdater extracted rce_variant.php. RCE: id=uid=33(www-data) gid=33(www-data) groups=33(www-data) whoami=www-data. Fixed version: no-fixed-version (release ZIP; 1.0.18 is final release, project archived)"}