PkgRadar

Composer · packagist.org

leazycms/web

Php Base64 Eval Chain: base64/gz/hex decode combined with eval/exec/backticks — classic PHP obfuscated payload.

Why PkgRadar flagged 1.0.22

SeveritySignalEvidence
highPhp Base64 Eval Chainbase64/gz/hex decode combined with eval/exec/backticks — classic PHP obfuscated payload. · iamudin-leazycms-709a79f/src/Http/Controllers/PanelController.php
highPhp Base64 Eval Chainbase64/gz/hex decode combined with eval/exec/backticks — classic PHP obfuscated payload. · iamudin-leazycms-709a79f/src/Middleware/RateLimit.php
highPhp Shell With Decodeexec / system / shell_exec combined with base64/hex decode. · iamudin-leazycms-709a79f/src/Http/Controllers/PanelController.php
highPhp Shell With Decodeexec / system / shell_exec combined with base64/hex decode. · iamudin-leazycms-709a79f/src/Middleware/RateLimit.php

Scanned versions

VersionVerdictScoreScanned (UTC)
1.0.22High risk1002026-06-16
1.0.19High risk1002026-06-12
1.0.18High risk1002026-06-10
1.0.13High risk1002026-06-10
1.0.14High risk1002026-06-10
1.0.15High risk1002026-06-10
1.0.12High risk1002026-06-09
1.0.10High risk1002026-06-09
1.0.9High risk1002026-06-09
1.0.6High risk1002026-06-08
1.0.5High risk1002026-06-08
1.0.4High risk1002026-06-07
1.0.3High risk1002026-06-06
1.0.2High risk1002026-06-06
1.0.1High risk1002026-06-06
1.2.2119High risk402026-06-04
1.2.2113High risk402026-06-03
1.2.2111High risk402026-06-02
1.2.2108High risk402026-05-30
1.2.2109High risk402026-05-30
1.2.2105High risk402026-05-30

Block this in CI

PkgRadar gates leazycms/web (and every other dependency) before it merges. One line in your pipeline:

pkgradar gate --ecosystem composer leazycms/[email protected]
Start free — 25 scans / moView full evidence