CVE-2020-37012

Name of the Vulnerable Software and Affected Versions Tea LaTex version 1.0

Description Tea LaTex 1.0 contains a remote code execution issue that allows unauthenticated attackers to execute arbitrary shell commands. This is achieved through the /api.php endpoint by crafting a malicious LaTeX payload with shell commands. These commands are executed when processed by the application’s tex2png API action.

Recommendations At the moment, there is no information about a newer version that contains a fix for this vulnerability.