There are some reports about security problems with qEngine & its family (Kemana & Cart Engine). The security problems are as follow:
Problems #1 & #2 are only accessible from administration panels only, so it can't be accessed by guests or regular users (non administrators). Regular users simply can't access the administration panel & can't upload such files. So my advice for these problems is to give administrators access to trusted people only (which you should have been done in the first place, btw). If you are the only administrator in your site, you are very safe.
And for problem #3, my advice is to rename the database backup files in /admin/backup folder. Or better yet, delete the files after you have downloaded them.
These problems will be fixed in the future releases.
If you have any questions about these problems, don't hestitate to contact me.
Subscribe to our newsletter for the latest updates and exciting promotions!