Composer · packagist.org
getkirby/cms
Php Base64 Eval Chain: base64/gz/hex decode combined with eval/exec/backticks — classic PHP obfuscated payload.
Why PkgRadar flagged 5.4.4
| Severity | Signal | Evidence |
|---|---|---|
| high | Php Base64 Eval Chain | base64/gz/hex decode combined with eval/exec/backticks — classic PHP obfuscated payload. · getkirby-kirby-3f96d3b/src/Cms/License.php |
| high | Php Base64 Eval Chain | base64/gz/hex decode combined with eval/exec/backticks — classic PHP obfuscated payload. · getkirby-kirby-3f96d3b/vendor/claviska/simpleimage/src/claviska/SimpleImage.php |
| high | Php Base64 Eval Chain | base64/gz/hex decode combined with eval/exec/backticks — classic PHP obfuscated payload. · getkirby-kirby-3f96d3b/vendor/phpmailer/phpmailer/src/PHPMailer.php |
| high | Php Shell With Decode | exec / system / shell_exec combined with base64/hex decode. · getkirby-kirby-3f96d3b/src/Cms/License.php |
| high | Php Backtick With Decode | Backtick shell-out combined with base64/hex decode. · getkirby-kirby-3f96d3b/vendor/claviska/simpleimage/src/claviska/SimpleImage.php |
| high | Php Shell With Decode | exec / system / shell_exec combined with base64/hex decode. · getkirby-kirby-3f96d3b/vendor/phpmailer/phpmailer/src/PHPMailer.php |
| high | Php Backtick With Decode | Backtick shell-out combined with base64/hex decode. · getkirby-kirby-3f96d3b/vendor/phpmailer/phpmailer/src/PHPMailer.php |
Scanned versions
| Version | Verdict | Score | Scanned (UTC) |
|---|---|---|---|
5.4.4 | Review | 46 | 2026-06-17 |
Block this in CI
pkgradar gate --ecosystem composer getkirby/[email protected]