Composer · packagist.org
craftcms/yii2-adapter
Php Base64 Eval Chain: base64/gz/hex decode combined with eval/exec/backticks — classic PHP obfuscated payload.
Why PkgRadar flagged 6.0.0-alpha.6
| Severity | Signal | Evidence |
|---|---|---|
| high | Php Base64 Eval Chain | base64/gz/hex decode combined with eval/exec/backticks — classic PHP obfuscated payload. · craftcms-yii2-adapter-fcd5156/legacy/helpers/StringHelper.php |
| high | Php Backtick With Decode | Backtick shell-out combined with base64/hex decode. · craftcms-yii2-adapter-fcd5156/legacy/helpers/StringHelper.php |
Scanned versions
| Version | Verdict | Score | Scanned (UTC) |
|---|---|---|---|
6.0.0-alpha.6 | High risk | 75 | 2026-06-03 |
Related campaigns
- php_backtick_with_decode:backtick shell-out combined with base64/hex decode. — 160 releases, max score 186
Block this in CI
pkgradar gate --ecosystem composer craftcms/[email protected]