Jsjbcyber

**Name of the Vulnerable Software and Affected Versions** Tenda W30E V2.0 version V16.01.0.21 **Description** Command injection is possible in the `do ping action()` function through the `hostName` parameter. This allows attackers to execute arbitrary commands by sending a crafted request. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Tenda W30E version V2.0 V16.01.0.21 **Description** The `formSetUSBPartitionUmount()` function fails to properly neutralize special elements when processing the `usbPartitionName` parameter. This allows a remote attacker to execute arbitrary commands by sending a specially crafted POST request. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** AtomCMS version 2.0 **Description** A SQL injection issue was discovered in AtomCMS via the /admin/login.php endpoint. This allows for potential exploitation. **Recommendations** For AtomCMS version 2.0, consider disabling access to the /admin/login.php endpoint until a patch is available. Restricting input to prevent malicious SQL commands can also help mitigate the risk. At the moment, there is no information about a newer version that contains a fix for this vulnerability.