Nepska

**Name of the Vulnerable Software and Affected Versions** Tea LaTex version 1.0 **Description** Tea LaTex 1.0 contains a remote code execution issue that allows unauthenticated attackers to execute arbitrary shell commands. This is achieved through the `/api.php` endpoint by crafting a malicious LaTeX payload with shell commands. These commands are executed when processed by the application’s `tex2png` API action. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.