← back
CVE-2025-13564

SourceCodester Pre-School Management System FilehelperController.php removefile denial of service

CVSS 5.3 MEDIUMEPSS 0.3%CWE-404
Vexday Risk Score
13Low
SSVC decision (CISA)
Track
No exploitation signal → monitor
CVSS 5.3EPSS 0.3%KEV nãoPoC Nuclei Metasploit Patch
Lifecycle
23 Nov 2025Published on NVD
Recommendation: Monitor — no exploitation signal at the moment.
A security flaw has been discovered in SourceCodester Pre-School Management System 1.0. Impacted is the function removefile of the file app/controllers/FilehelperController.php. Performing manipulation of the argument filepath results in denial of service. The attack is possible to be carried out remotely. The exploit has been released to the public and may be exploited.
CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:L/VA:L/SC:N/SI:N/SA:N/E:P
Affected products
SourceCodester · Pre-School Management System

Want to know if your infrastructure is exposed to this?

Talk to TrueHacking →
References
https://github.com/0xffaaa/cve/blob/main/Pre_School_Management_System_Arbitrary_File_Deletion_Vulnerabilit.mdhttps://vuldb.com/?ctiid.333328https://vuldb.com/?id.333328https://vuldb.com/?submit.697083https://www.sourcecodester.com/