Composer · packagist.org

ionzile/core

Php Base64 Eval Chain: base64/gz/hex decode combined with eval/exec/backticks — classic PHP obfuscated payload.

Why PkgRadar flagged 4.7.0

Severity	Signal	Evidence
high	Php Base64 Eval Chain	base64/gz/hex decode combined with eval/exec/backticks — classic PHP obfuscated payload. · tahadeveloper-ions.core-9ca1cc2/src/Security/Encrypter.php
high	Php Backtick With Decode	Backtick shell-out combined with base64/hex decode. · tahadeveloper-ions.core-9ca1cc2/src/Security/Encrypter.php

Scanned versions

Version	Verdict	Score	Scanned (UTC)
`4.7.0`	High risk	40	2026-06-13
`4.0.0`	Low risk	0	2026-06-10
`1.8.0`	Low risk	0	2026-06-09
`3.0.0`	Low risk	0	2026-06-09

Block this in CI

PkgRadar gates ionzile/core (and every other dependency) before it merges. One line in your pipeline:

pkgradar gate --ecosystem composer ionzile/[email protected]