cart2quote/module-quotation-encoded is vulnerable to Remote Code Execution (RCE). The vulnerability is due to the use of the unserialize function when processing data from a GET request, which can be exploited by attackers to execute arbitrary code remotely, particularly when custom file options are used on a product.