{
  "entrypoint_kind": "function_call",
  "entrypoint_detail": "Horde_Vfs_Smb::createFolder() -> _command() -> _execute() -> proc_open()",
  "service_started": false,
  "healthcheck_passed": false,
  "target_path_reached": true,
  "runtime_stack": [
    "php",
    "horde-vfs",
    "Horde_Vfs_Smb",
    "smbclient"
  ],
  "proof_artifacts": [
    "logs/reproduction_steps.log",
    "logs/vulnerable.log",
    "logs/vulnerable_smbclient.log",
    "logs/fixed.log",
    "logs/fixed_smbclient.log",
    "repro/artifacts/fake_smbclient.sh",
    "repro/artifacts/harness.php"
  ],
  "notes": "Command injection in vulnerable Smb.php causes the shell to execute $(id) before the fake smbclient is reached; the fixed commit passes the same payload as a literal argument to proc_open."
}
