Composer · packagist.org
bangsamu/master
Php Base64 Eval Chain: base64/gz/hex decode combined with eval/exec/backticks — classic PHP obfuscated payload.
Why PkgRadar flagged v1.1.74
| Severity | Signal | Evidence |
|---|---|---|
| high | Php Base64 Eval Chain | base64/gz/hex decode combined with eval/exec/backticks — classic PHP obfuscated payload. · BangsaMU-master-cd49ef6/src/Controllers/ApiAnnotationController.php |
| high | Php Remote Fetch Exec Combo | Remote fetch (file_get_contents/curl) paired with eval/exec — fetch-and-run pattern. · BangsaMU-master-cd49ef6/src/Controllers/ApiAnnotationController.php |
| high | Php Shell With Decode | exec / system / shell_exec combined with base64/hex decode. · BangsaMU-master-cd49ef6/src/Controllers/ApiAnnotationController.php |
Scanned versions
| Version | Verdict | Score | Scanned (UTC) |
|---|---|---|---|
v1.1.74 | High risk | 55 | 2026-05-30 |
Related campaigns
- php_remote_fetch_exec_combo:remote fetch (file_get_contents/curl) paired with eval/exec — fetch-and-run pattern. — 37 releases, max score 186
Block this in CI
pkgradar gate --ecosystem composer bangsamu/[email protected]