Composer · packagist.org
zxf/security
Php Remote Include: include/require pulls code from an http(s) URL — remote code injection primitive.
Why PkgRadar flagged v1.1.8
| Severity | Signal | Evidence |
|---|---|---|
| high | Php Remote Include | include/require pulls code from an http(s) URL — remote code injection primitive. · zhaoxianfang-security-b67483f/tests/_audit1.php |
| medium | Remote Payload | matched "wget " · zhaoxianfang-security-b67483f/tests/_audit1.php |
| medium | Remote Payload | matched "curl " · zhaoxianfang-security-b67483f/tests/_audit2.php |
| medium | Remote Payload | matched "curl " · zhaoxianfang-security-b67483f/tests/_audit_comprehensive.php |
Scanned versions
| Version | Verdict | Score | Scanned (UTC) |
|---|---|---|---|
v1.1.8 | High risk | 67 | 2026-06-15 |
Block this in CI
pkgradar gate --ecosystem composer zxf/[email protected]