PkgRadar

Composer · packagist.org

bekambeyene/telebirr

Php Base64 Eval Chain: base64/gz/hex decode combined with eval/exec/backticks — classic PHP obfuscated payload.

Why PkgRadar flagged v2

SeveritySignalEvidence
highPhp Base64 Eval Chainbase64/gz/hex decode combined with eval/exec/backticks — classic PHP obfuscated payload. · OgBek-Telebirr-laravel-package-61e7284/vendor/phpseclib/phpseclib/phpseclib/Common/Functions/Strings.php
highPhp Base64 Eval Chainbase64/gz/hex decode combined with eval/exec/backticks — classic PHP obfuscated payload. · OgBek-Telebirr-laravel-package-61e7284/vendor/phpseclib/phpseclib/phpseclib/Math/BigInteger/Engines/Engine.php

Scanned versions

VersionVerdictScoreScanned (UTC)
v2High risk552026-05-31
v1.0.1High risk502026-05-29

Block this in CI

PkgRadar gates bekambeyene/telebirr (and every other dependency) before it merges. One line in your pipeline:

pkgradar gate --ecosystem composer bekambeyene/telebirr@v2
Start free — 25 scans / moView full evidence
bekambeyene/telebirr — Composer security scan | PkgRadar