Composer · packagist.org
andrevanzuydam/tina4php
Php Base64 Eval Chain: base64/gz/hex decode combined with eval/exec/backticks — classic PHP obfuscated payload.
Why PkgRadar flagged 3.13.13
| Severity | Signal | Evidence |
|---|---|---|
| high | Php Base64 Eval Chain | base64/gz/hex decode combined with eval/exec/backticks — classic PHP obfuscated payload. · tina4stack-tina4-php-a14f825/Tina4/Auth.php |
| high | Php Base64 Eval Chain | base64/gz/hex decode combined with eval/exec/backticks — classic PHP obfuscated payload. · tina4stack-tina4-php-a14f825/Tina4/Frond.php |
| high | Php Base64 Eval Chain | base64/gz/hex decode combined with eval/exec/backticks — classic PHP obfuscated payload. · tina4stack-tina4-php-a14f825/Tina4/MCP.php |
| high | Php Remote Fetch Exec Combo | Remote fetch (file_get_contents/curl) paired with eval/exec — fetch-and-run pattern. · tina4stack-tina4-php-a14f825/Tina4/DevAdmin.php |
| high | Php Backtick With Decode | Backtick shell-out combined with base64/hex decode. · tina4stack-tina4-php-a14f825/Tina4/Auth.php |
| high | Php Backtick With Decode | Backtick shell-out combined with base64/hex decode. · tina4stack-tina4-php-a14f825/Tina4/Frond.php |
| high | Php Shell With Decode | exec / system / shell_exec combined with base64/hex decode. · tina4stack-tina4-php-a14f825/Tina4/MCP.php |
Scanned versions
| Version | Verdict | Score | Scanned (UTC) |
|---|---|---|---|
| 3.13.13 | Review | 49 | 2026-06-11 |
| 3.13.9 | Review | 49 | 2026-06-10 |
| 3.13.7 | Review | 49 | 2026-06-10 |
| 3.13.5 | Review | 49 | 2026-06-05 |
| 3.13.4 | Review | 43 | 2026-06-04 |
| 3.13.2 | Review | 43 | 2026-06-03 |
| 3.13.0 | Review | 43 | 2026-06-01 |
| 3.12.14 | Review | 33 | 2026-05-31 |
Block this in CI
pkgradar gate --ecosystem composer andrevanzuydam/[email protected]