Composer · packagist.org
therealworld/clirun-plugin
Php Base64 Eval Chain: base64/gz/hex decode combined with eval/exec/backticks — classic PHP obfuscated payload.
Why PkgRadar flagged v4.0.24
| Severity | Signal | Evidence |
|---|---|---|
| high | Php Base64 Eval Chain | base64/gz/hex decode combined with eval/exec/backticks — classic PHP obfuscated payload. · therealworld-clirun-plugin-1b16bc8b04f4/src/Command/DecodeLegacyCommand.php |
| high | Php Shell With Decode | exec / system / shell_exec combined with base64/hex decode. · therealworld-clirun-plugin-1b16bc8b04f4/src/Command/DecodeLegacyCommand.php |
Scanned versions
| Version | Verdict | Score | Scanned (UTC) |
|---|---|---|---|
v4.0.24 | High risk | 37 | 2026-06-08 |
4.0.23 | High risk | 37 | 2026-06-02 |
Block this in CI
pkgradar gate --ecosystem composer therealworld/[email protected]