Code Execution in F*EX
Posted on March 15, 2022 by greg
We have recently taken a look at the F*EX file exchange service, a Perl-based web application for exchanging large files. While inspecting the solution’s source code, we stumbled upon a pre-auth RCE issue described in this advisory. The author immediately addressed the vulnerability. Long story short: you might want to update your installations.