Vendor
A critical unauthenticated remote code execution vulnerability exists in the goodoneuz/pay-uz Laravel package (<= 2.2.24) due to direct user-controlled input being written to executable PHP files via the /payment/api/editable/update endpoint.