Composer · packagist.org
adrianbj/tracy-debugger
Php Base64 Eval Chain: base64/gz/hex decode combined with eval/exec/backticks — classic PHP obfuscated payload.
Why PkgRadar flagged 5.0.44
| Severity | Signal | Evidence |
|---|---|---|
| high | Php Base64 Eval Chain | base64/gz/hex decode combined with eval/exec/backticks — classic PHP obfuscated payload. · adrianbj-TracyDebugger-539d9aa/panels/Adminer/adminneo.php |
| high | Php Backtick With Decode | Backtick shell-out combined with base64/hex decode. · adrianbj-TracyDebugger-539d9aa/panels/Adminer/adminneo.php |
| medium | Remote Payload | matched "curl " · adrianbj-TracyDebugger-539d9aa/tracy-2.10.x/tools/create-phar/create-phar.php |
| medium | Remote Payload | matched "curl " · adrianbj-TracyDebugger-539d9aa/tracy-2.7.x/tools/create-phar/create-phar.php |
| medium | Remote Payload | matched "curl " · adrianbj-TracyDebugger-539d9aa/tracy-2.9.x/tools/create-phar/create-phar.php |
Scanned versions
| Version | Verdict | Score | Scanned (UTC) |
|---|---|---|---|
5.0.44 | Review | 33 | 2026-06-15 |
5.0.43 | Review | 33 | 2026-06-15 |
5.0.42 | Review | 33 | 2026-06-12 |
5.0.41 | Review | 33 | 2026-06-12 |
5.0.40 | Review | 33 | 2026-06-11 |
5.0.39 | Review | 33 | 2026-06-10 |
5.0.37 | Review | 33 | 2026-06-07 |
5.0.35 | Review | 33 | 2026-06-03 |
5.0.34 | Review | 36 | 2026-05-27 |
5.0.33 | Review | 36 | 2026-05-27 |
Block this in CI
pkgradar gate --ecosystem composer adrianbj/[email protected]