Composer · packagist.org

chameleon-system/chameleon-base

Php Base64 Eval Chain: base64/gz/hex decode combined with eval/exec/backticks — classic PHP obfuscated payload.

Why PkgRadar flagged 8.0.66

Severity	Signal	Evidence
high	Php Base64 Eval Chain	base64/gz/hex decode combined with eval/exec/backticks — classic PHP obfuscated payload. · chameleon-system-chameleon-base-a87956d/src/CoreBundle/private/library/classes/TCMSListManager/TCMSListManagerFullGroupTable.class.php
high	Php Base64 Eval Chain	base64/gz/hex decode combined with eval/exec/backticks — classic PHP obfuscated payload. · chameleon-system-chameleon-base-a87956d/src/CoreBundle/private/library/classes/TTools/TTools.class.php
high	Php Base64 Eval Chain	base64/gz/hex decode combined with eval/exec/backticks — classic PHP obfuscated payload. · chameleon-system-chameleon-base-a87956d/src/CoreBundle/private/modules/CMSTableExport/CMSTableExport.class.php
high	Php Backtick With Decode	Backtick shell-out combined with base64/hex decode. · chameleon-system-chameleon-base-a87956d/src/CoreBundle/private/library/classes/TCMSListManager/TCMSListManagerFullGroupTable.class.php
high	Php Backtick With Decode	Backtick shell-out combined with base64/hex decode. · chameleon-system-chameleon-base-a87956d/src/CoreBundle/private/library/classes/TTools/TTools.class.php
high	Php Backtick With Decode	Backtick shell-out combined with base64/hex decode. · chameleon-system-chameleon-base-a87956d/src/CoreBundle/private/modules/CMSTableExport/CMSTableExport.class.php

Scanned versions

Version	Verdict	Score	Scanned (UTC)
`8.0.66`	Review	30	2026-06-10
`8.0.64`	Review	30	2026-06-03
`8.0.63`	Review	30	2026-05-28
`8.0.62`	Review	30	2026-05-28

Block this in CI

PkgRadar gates chameleon-system/chameleon-base (and every other dependency) before it merges. One line in your pipeline:

pkgradar gate --ecosystem composer chameleon-system/[email protected]