An issue in Vaales Technologies V_QRS v.2024-01-17 allows a remote malicious user to obtain sensitive information via the Models/FormModel.php and QRModel.php component.