Composer · packagist.org
ironcartlabs/magento-scan
Php Base64 Eval Chain: base64/gz/hex decode combined with eval/exec/backticks — classic PHP obfuscated payload.
Why PkgRadar flagged v1.5.1
| Severity | Signal | Evidence |
|---|---|---|
| high | Php Base64 Eval Chain | base64/gz/hex decode combined with eval/exec/backticks — classic PHP obfuscated payload. · IronCartLabs-IronCartM2-dd1f9b9/Check/License/LicenseVerifier.php |
| high | Php Backtick With Decode | Backtick shell-out combined with base64/hex decode. · IronCartLabs-IronCartM2-dd1f9b9/Check/License/LicenseVerifier.php |
| medium | Remote Payload | matched "curl " · IronCartLabs-IronCartM2-dd1f9b9/Check/Upload/UploadRunner.php |
Scanned versions
| Version | Verdict | Score | Scanned (UTC) |
|---|---|---|---|
v1.5.1 | High risk | 87 | 2026-06-12 |
Block this in CI
pkgradar gate --ecosystem composer ironcartlabs/[email protected]