Composer · packagist.org
fleetbase/core-api
Php Base64 Eval Chain: base64/gz/hex decode combined with eval/exec/backticks — classic PHP obfuscated payload.
Why PkgRadar flagged 1.6.52
| Severity | Signal | Evidence |
|---|---|---|
| high | Php Base64 Eval Chain | base64/gz/hex decode combined with eval/exec/backticks — classic PHP obfuscated payload. · fleetbase-core-api-e7ac705/src/Support/Utils.php |
| high | Php Shell With Decode | exec / system / shell_exec combined with base64/hex decode. · fleetbase-core-api-e7ac705/src/Support/Utils.php |
| high | Php Backtick With Decode | Backtick shell-out combined with base64/hex decode. · fleetbase-core-api-e7ac705/src/Support/Utils.php |
| medium | Remote Payload | matched "raw.githubusercontent.com" · fleetbase-core-api-e7ac705/src/Http/Controllers/Internal/v1/LookupController.php |
Scanned versions
| Version | Verdict | Score | Scanned (UTC) |
|---|---|---|---|
1.6.52 | High risk | 73 | 2026-06-16 |
Block this in CI
pkgradar gate --ecosystem composer fleetbase/[email protected]