Sorry to hear that. If it's bugbounty or responsible disclosure program then u can tell them that it's your developer fault. What will you be do if attacker has uploaded shell and get the RCE on your server then will you be give me same comment hahha lol 😂