Mohamed Taher ABOUD

2 exploits Active since Apr 2026
CVE-2025-70364 WRITEUP HIGH WRITEUP
Kiamo <8.4 - Code Injection
An issue was discovered in Kiamo before 8.4 allowing authenticated administrative attackers to execute arbitrary PHP code on the server. NOTE: the Supplier's position is that this is "a historical and intended administrative feature of the product, accessible only to already authenticated users explicitly granted administrator privileges." However, restrictions on some PHP functions were added in 8.4.
CVSS 8.8
CVE-2025-70365 WRITEUP MEDIUM WRITEUP
Kiamo <8.4 - Stored XSS
A stored cross-site scripting (XSS) vulnerability exists in Kiamo before 8.4 due to improper output encoding of user-supplied input in administrative interfaces. An authenticated administrative user can inject arbitrary JavaScript code that is executed in the browser of users viewing the affected pages. NOTE: the Supplier's position is that a fix for this had already been released for the 8.3.1 branch before the CVE Record was published.
CVSS 5.4