Composer · packagist.org
baserproject/basercms
Php Base64 Eval Chain: base64/gz/hex decode combined with eval/exec/backticks — classic PHP obfuscated payload.
Why PkgRadar flagged 4.8.3
| Severity | Signal | Evidence |
|---|---|---|
| high | Php Base64 Eval Chain | base64/gz/hex decode combined with eval/exec/backticks — classic PHP obfuscated payload. · baserproject-basercms-330c556/lib/Cake/Controller/Component/Auth/BasicAuthenticate.php |
| high | Php Assert String Exec | assert() called with a variable — PHP's deprecated string-exec backdoor. · baserproject-basercms-330c556/lib/Baser/Controller/Component/BcEmailComponent.php |
| high | Php Backtick With Decode | Backtick shell-out combined with base64/hex decode. · baserproject-basercms-330c556/lib/Cake/Controller/Component/Auth/BasicAuthenticate.php |
Scanned versions
| Version | Verdict | Score | Scanned (UTC) |
|---|---|---|---|
4.8.3 | Review | 34 | 2026-05-29 |
Block this in CI
pkgradar gate --ecosystem composer baserproject/[email protected]