Composer · packagist.org
tallcms/cms
Php Base64 Eval Chain: base64/gz/hex decode combined with eval/exec/backticks — classic PHP obfuscated payload.
Why PkgRadar flagged 4.6.2
| Severity | Signal | Evidence |
|---|---|---|
| high | Php Base64 Eval Chain | base64/gz/hex decode combined with eval/exec/backticks — classic PHP obfuscated payload. · tallcms-cms-adf736f/src/Services/TallCmsUpdater.php |
| high | Php Shell With Decode | exec / system / shell_exec combined with base64/hex decode. · tallcms-cms-adf736f/src/Services/TallCmsUpdater.php |
| medium | Remote Payload | matched "cURL " · tallcms-cms-adf736f/src/Services/EnvironmentChecker.php |
Scanned versions
| Version | Verdict | Score | Scanned (UTC) |
|---|---|---|---|
4.6.2 | High risk | 92 | 2026-05-31 |
4.6.3 | High risk | 92 | 2026-05-31 |
4.6.1 | High risk | 92 | 2026-05-31 |
4.6.0 | High risk | 92 | 2026-05-31 |
Block this in CI
pkgradar gate --ecosystem composer tallcms/[email protected]