Composer · packagist.org
mgamadeus/ddd
Php Base64 Eval Chain: base64/gz/hex decode combined with eval/exec/backticks — classic PHP obfuscated payload.
Why PkgRadar flagged 2.38.0
| Severity | Signal | Evidence |
|---|---|---|
| high | Php Base64 Eval Chain | base64/gz/hex decode combined with eval/exec/backticks — classic PHP obfuscated payload. · mgamadeus-ddd-ab9f399/src/Domain/Base/Entities/MessageHandlers/AppMessage.php |
| high | Php Shell With Decode | exec / system / shell_exec combined with base64/hex decode. · mgamadeus-ddd-ab9f399/src/Domain/Base/Entities/MessageHandlers/AppMessage.php |
| medium | Remote Payload | matched "cUrl " · mgamadeus-ddd-ab9f399/src/Domain/Common/Entities/MediaItems/GenericMediaItem.php |
| medium | Remote Payload | matched "cUrl " · mgamadeus-ddd-ab9f399/src/Domain/Common/Entities/MediaItems/MediaItemContentTrait.php |
Scanned versions
| Version | Verdict | Score | Scanned (UTC) |
|---|---|---|---|
2.38.0 | High risk | 49 | 2026-06-16 |
2.34.0 | High risk | 49 | 2026-06-14 |
2.35.0 | High risk | 49 | 2026-06-14 |
2.31.0 | High risk | 49 | 2026-06-10 |
2.30.0 | High risk | 49 | 2026-06-10 |
2.28.0 | High risk | 49 | 2026-06-03 |
2.27.0 | High risk | 49 | 2026-06-02 |
2.25.0 | High risk | 49 | 2026-05-30 |
Block this in CI
pkgradar gate --ecosystem composer mgamadeus/[email protected]