VYPR

Pay Uz

by Shaxzodbek Uzb

Source repositories

CVEs (1)

  • CVE-2026-31843CriApr 16, 2026
    risk 0.64cvss 9.8epss 0.02

    The goodoneuz/pay-uz Laravel package (<= 2.2.24) contains a critical vulnerability in the /payment/api/editable/update endpoint that allows unauthenticated attackers to overwrite existing PHP payment hook files. The endpoint is exposed via Route::any() without authentication…