CVE-2026-31843P2CRITICALCVSS 9.8≤ 2.2.242026-04-16
CVE-2026-31843 [CRITICAL] CWE-284 CVE-2026-31843: The goodoneuz/pay-uz Laravel package (<= 2.2.24) contains a critical vulnerability in the /payment/a
The goodoneuz/pay-uz Laravel package (<= 2.2.24) contains a critical vulnerability in the /payment/api/editable/update endpoint that allows unauthenticated attackers to overwrite existing PHP payment hook files. The endpoint is exposed via Route::any() without authentication middleware, enabling remote access without credentials. User-controlled i
ghsanvd