[CRITICAL] goodoneuz/pay-uz: the /payment/api/editable/update endpoint overwrites existing PHP payment hook files

PKSA-hc2w-9ctz-542g CVE-2026-31843 GHSA-m5wg-cjgh-223j

Affected version: <=2.2.24

Reported by:
GitHub