cart2quote/module-quotation-encoded Remote Code Execution via downloadCustomOptionAction

cart2quote/module-quotation-encoded extension may expose a critical security vulnerability by utilizing the unserialize function when processing data from a GET request. This flaw, present in the app/code/community/Ophirah/Qquoteadv/controllers/DownloadController.php and...

Remote Code Execution in Qquoteadv/controllers/DownloadController.php

More info at https://cart2quote.zendesk.com/hc/en-us/articles/115000616303--FIXED-Security-Vulnerability-in-downloadCustomOptionAction...