{
  "entrypoint_kind": "endpoint",
  "entrypoint_detail": "Joomla iCagenda public event submission form endpoint /index.php?option=com_icagenda&task=submit.submit",
  "service_started": true,
  "healthcheck_passed": true,
  "target_path_reached": true,
  "runtime_stack": [
    "mysql:8.0",
    "joomla:6.0-php8.3-apache",
    "icagenda 4.0.7 vulnerable",
    "icagenda 4.0.8 fixed"
  ],
  "proof_artifacts": [
    "logs/reproduction_steps.log",
    "logs/vulnerable_source.log",
    "logs/fixed_source.log",
    "logs/vulnerable_container.log",
    "logs/fixed_container.log",
    "repro/form_page_vulnerable.html",
    "repro/form_page_fixed.html",
    "repro/upload_vulnerable.log",
    "repro/fetch_vulnerable_rce.log",
    "repro/upload_fixed.log",
    "repro/fetch_fixed_rce.log"
  ],
  "notes": "Confirmed production-path RCE: iCagenda 4.0.7 on Joomla 6 accepted an unauthenticated public event form PHP attachment, stored it under /images/icagenda/frontend/attachments/, and an HTTP GET to the uploaded PHP shell executed the attacker-controlled cmd=id as www-data. Fixed iCagenda 4.0.8 blocked the same PHP upload and no shell executed."
}
