Composer · packagist.org
billz/raspap-webgui
Php Base64 Eval Chain: base64/gz/hex decode combined with eval/exec/backticks — classic PHP obfuscated payload.
Why PkgRadar flagged 3.5.4
| Severity | Signal | Evidence |
|---|---|---|
| high | Php Base64 Eval Chain | base64/gz/hex decode combined with eval/exec/backticks — classic PHP obfuscated payload. · RaspAP-raspap-webgui-3e37dcc/includes/functions.php |
| high | Php Shell With Decode | exec / system / shell_exec combined with base64/hex decode. · RaspAP-raspap-webgui-3e37dcc/includes/functions.php |
| medium | Remote Payload | matched "wget " · RaspAP-raspap-webgui-3e37dcc/ajax/system/sys_chk_update.php |
| medium | Remote Payload | matched "wget " · RaspAP-raspap-webgui-3e37dcc/includes/functions.php |
| medium | Remote Payload | matched "curl " · RaspAP-raspap-webgui-3e37dcc/includes/internetRoute.php |
| medium | Remote Payload | matched "cUrl " · RaspAP-raspap-webgui-3e37dcc/includes/restapi.php |
Scanned versions
| Version | Verdict | Score | Scanned (UTC) |
|---|---|---|---|
3.5.4 | High risk | 61 | 2026-05-30 |
Block this in CI
pkgradar gate --ecosystem composer billz/[email protected]