CVE-2020-36878

ReQuest Serious Play Media Player 3.0 - Info Disclosure

Title source: llm

Description

ReQuest Serious Play Media Player 3.0 contains an unauthenticated file disclosure vulnerability when input passed through the 'file' parameter in and script is not properly verified before being used to read web log files. Attackers can exploit this to disclose contents of files from local resources.

Exploits (1)

exploitdb WORKING POC

by LiquidWorm · textwebappshardware

https://www.exploit-db.com/exploits/48949

View Code ZIP pw:eip

References (3)

[Exploit, Third Party Advisory] https://www.exploit-db.com/exploits/48949

[Third Party Advisory] https://www.vulncheck.com/advisories/request-serious-play-f-media-player-directory-traversal-file-disclosure

[Third Party Advisory] https://www.zeroscience.mk/en/vulnerabilities/ZSL-2020-5599.php

Scores

EPSS 0.0006

EPSS Percentile 18.4%

Classification

CWE

CWE-73

Status draft

Timeline

Published Dec 05, 2025

Tracked Since Feb 18, 2026