PHP : Undocumented feature: hidden functionality

The application executes the code obtained from the string after decoding (e.g, base64). Authors of backdoors use this technique to make it difficult to detect the code that implements the undocumented functionality.

From a security perspective, even when hidden functionality is not intentionally malicious, it gives an attacker an additional opportunity for a successful application attack. For example, the hidden functionality could be useful for attacks that modify the control flow of the application.