{
  "stage": "vuln_variant",
  "created_at": "2026-07-06T15:15:00Z",
  "verdict": "no_distinct_variant_or_bypass_confirmed",
  "confirmed": false,
  "bypass_confirmed_on_fixed_version": false,
  "alternate_trigger_confirmed_on_vulnerable_version": false,
  "tested_variant_summary": "Unauthenticated public event submission using alternate multipart field jform[image] with a GIF/PHP polyglot named .php was tested against iCagenda 4.0.7 and fixed 4.0.8.",
  "submitted_target": {
    "target_kind": "release_package",
    "version": "4.0.7",
    "display": "Official iCagenda 4.0.7 package from joomlic.com; SHA-256 f12e38d16f7c6cdf9bfd4bde9ab2351f8123c78e09b1db0846371eb42fb30537"
  },
  "variant_target": {
    "target_kind": "release_package",
    "version": "4.0.8",
    "display": "Official iCagenda 4.0.8 fixed package from joomlic.com; SHA-256 be3788daaef85b903b540685eebeec2bf3257ed2cc02159f11fbddf5e707ce74"
  },
  "runtime_tested": true,
  "fixed_or_latest_tested": true,
  "end_to_end_target_reached": true,
  "evidence_scope": "runtime_negative_control",
  "observed_results": {
    "vulnerable_4_0_7_image_field_stored": true,
    "vulnerable_4_0_7_image_field_rce": false,
    "fixed_4_0_8_image_field_stored": true,
    "fixed_4_0_8_image_field_rce": false,
    "stored_extension": ".gif",
    "would_be_php_url_status": 404,
    "stored_gif_url_status": 200
  },
  "blocking_mitigation": "The alternate image upload path rewrites a .php image-field filename to a detected image extension (.gif) and the tested Apache/PHP runtime serves the resulting file as static image/gif. The fixed 4.0.8 attachment path also blocks executable attachment extensions with MediaHelper::canUpload().",
  "claim_block_reason": "No RCE was observed through the distinct public image-field path on either vulnerable or fixed targets; no same-trust-boundary public upload sink preserving executable extensions was found beyond the fixed attachment field.",
  "reproducer": "bundle/vuln_variant/reproduction_steps.sh",
  "logs": [
    "bundle/logs/vuln_variant/reproduction_steps.log",
    "bundle/vuln_variant/fetch_image_fixed_php.log",
    "bundle/vuln_variant/fetch_image_fixed_gif.log",
    "bundle/vuln_variant/submitted_images_fixed.txt"
  ]
}
