Composer · packagist.org
aghfatehi/laravel-zatca
Php Base64 Eval Chain: base64/gz/hex decode combined with eval/exec/backticks — classic PHP obfuscated payload.
Why PkgRadar flagged v1.3.0
| Severity | Signal | Evidence |
|---|---|---|
| high | Php Base64 Eval Chain | base64/gz/hex decode combined with eval/exec/backticks — classic PHP obfuscated payload. · aghfatehi-laravel-zatca-aa0384a/src/Services/CertificateService.php |
| high | Php Shell With Decode | exec / system / shell_exec combined with base64/hex decode. · aghfatehi-laravel-zatca-aa0384a/src/Services/CertificateService.php |
Scanned versions
| Version | Verdict | Score | Scanned (UTC) |
|---|---|---|---|
v1.3.0 | High risk | 75 | 2026-06-06 |
v1.4.0 | High risk | 75 | 2026-06-06 |
v1.1.0 | High risk | 75 | 2026-06-03 |
Related campaigns
- php_shell_with_decode:exec / system / shell_exec combined with base64/hex decode. — 194 releases, max score 186
- php_base64_eval_chain:base64/gz/hex decode combined with eval/exec/backticks — classic php obfuscated payload. — 306 releases, max score 186
Block this in CI
pkgradar gate --ecosystem composer aghfatehi/[email protected]