Code Execution in F*EX

Posted on March 15, 2022 by greg

We have recently taken a look at the F*EX file exchange service, a Perl-based web application for exchanging large files. While inspecting the solution’s source code, we stumbled upon a pre-auth RCE issue described in this advisory. The author immediately addressed the vulnerability. Long story short: you might want to update your installations.