PkgRadar

Composer · packagist.org

easeo/cms-core

Php Base64 Eval Chain: base64/gz/hex decode combined with eval/exec/backticks — classic PHP obfuscated payload.

Why PkgRadar flagged v0.2.0-rc2

SeveritySignalEvidence
highPhp Base64 Eval Chainbase64/gz/hex decode combined with eval/exec/backticks — classic PHP obfuscated payload. · easeo-nl-cms-core-5cb896f/vendor-legacy/phpmailer/PHPMailer.php
highPhp Shell With Decodeexec / system / shell_exec combined with base64/hex decode. · easeo-nl-cms-core-5cb896f/vendor-legacy/phpmailer/PHPMailer.php
highPhp Backtick With DecodeBacktick shell-out combined with base64/hex decode. · easeo-nl-cms-core-5cb896f/vendor-legacy/phpmailer/PHPMailer.php

Scanned versions

VersionVerdictScoreScanned (UTC)
v0.2.0-rc2High risk1052026-06-01
v0.2.0-rc1High risk1052026-05-30
v0.1.0-rc2High risk1052026-05-30

Block this in CI

PkgRadar gates easeo/cms-core (and every other dependency) before it merges. One line in your pipeline:

pkgradar gate --ecosystem composer easeo/[email protected]
Start free — 25 scans / moView full evidence