Composer · packagist.org
sirosoft/core
Php Base64 Eval Chain: base64/gz/hex decode combined with eval/exec/backticks — classic PHP obfuscated payload.
Why PkgRadar flagged v0.35.0
| Severity | Signal | Evidence |
|---|---|---|
| high | Php Base64 Eval Chain | base64/gz/hex decode combined with eval/exec/backticks — classic PHP obfuscated payload. · SiroSoft-siro-core-bc83390/tests/security/PenetrationTest.php |
| medium | Remote Payload | matched "curl " · SiroSoft-siro-core-bc83390/Commands/LogExportCommand.php |
| medium | Remote Payload | matched "curl " · SiroSoft-siro-core-bc83390/Commands/LogReplayCommand.php |
| medium | Remote Payload | matched "curl " · SiroSoft-siro-core-bc83390/Commands/MakeApiKeyCommand.php |
| medium | Remote Payload | matched "curl " · SiroSoft-siro-core-bc83390/Commands/ServeCommand.php |
| medium | Remote Payload | matched "curl " · SiroSoft-siro-core-bc83390/Http.php |
Scanned versions
| Version | Verdict | Score | Scanned (UTC) |
|---|---|---|---|
v0.35.0 | High risk | 110 | 2026-06-07 |
v0.34.0 | High risk | 110 | 2026-06-04 |
v0.33.1 | High risk | 110 | 2026-06-02 |
v0.33.0 | High risk | 110 | 2026-06-01 |
v0.32.1 | High risk | 110 | 2026-05-31 |
Block this in CI
pkgradar gate --ecosystem composer sirosoft/[email protected]