VYPR

Packagist (Composer) package

goodoneuz/pay-uz

pkg:composer/goodoneuz/pay-uz

Vulnerabilities (1)

  • CVE-2026-31843CriApr 16, 2026
    affected <= 2.2.24

    The goodoneuz/pay-uz Laravel package (<= 2.2.24) contains a critical vulnerability in the /payment/api/editable/update endpoint that allows unauthenticated attackers to overwrite existing PHP payment hook files. The endpoint is exposed via Route::any() without authentication midd