PkgRadar

Composer · packagist.org

cloudframework-io/backend-core-php8

Php Base64 Eval Chain: base64/gz/hex decode combined with eval/exec/backticks — classic PHP obfuscated payload.

Why PkgRadar flagged 8.4.49

SeveritySignalEvidence
highPhp Base64 Eval Chainbase64/gz/hex decode combined with eval/exec/backticks — classic PHP obfuscated payload. · CloudFramework-io-backend-core-php8-a119586/runapi.php
highPhp Base64 Eval Chainbase64/gz/hex decode combined with eval/exec/backticks — classic PHP obfuscated payload. · CloudFramework-io-backend-core-php8-a119586/src/Core7.php
highPhp Shell With Decodeexec / system / shell_exec combined with base64/hex decode. · CloudFramework-io-backend-core-php8-a119586/runapi.php
highPhp Shell With Decodeexec / system / shell_exec combined with base64/hex decode. · CloudFramework-io-backend-core-php8-a119586/src/Core7.php
mediumRemote Payloadmatched "cUrl " · CloudFramework-io-backend-core-php8-a119586/src/api/_upload.php
mediumRemote Payloadmatched "cUrl " · CloudFramework-io-backend-core-php8-a119586/src/class/Buckets.php
mediumRemote Payloadmatched "curl " · CloudFramework-io-backend-core-php8-a119586/src/class/Facebook.php
mediumRemote Payloadmatched "curl " · CloudFramework-io-backend-core-php8-a119586/src/class/Google.php

Scanned versions

VersionVerdictScoreScanned (UTC)
8.4.49High risk762026-06-02

Block this in CI

PkgRadar gates cloudframework-io/backend-core-php8 (and every other dependency) before it merges. One line in your pipeline:

pkgradar gate --ecosystem composer cloudframework-io/[email protected]
Start free — 25 scans / moView full evidence