HttpFileServer version 2.3.x suffers from a remote command execution vulnerability due to a poorly formed regex.