CVE-2020-36878

HIGH

ReQuest Serious Play Media Player 3.0 - Info Disclosure

Title source: llm

Description

ReQuest Serious Play Media Player 3.0 contains an unauthenticated file disclosure vulnerability when input passed through the 'file' parameter in and script is not properly verified before being used to read web log files. Attackers can exploit this to disclose contents of files from local resources.

Exploits (1)

exploitdb WORKING POC

by LiquidWorm · textwebappshardware

https://www.exploit-db.com/exploits/48949

View Code ZIP pw:eip

References (3)

[Third Party Advisory] https://www.zeroscience.mk/en/vulnerabilities/ZSL-2020-5599.php

[Exploit, Third Party Advisory] https://www.exploit-db.com/exploits/48949

[Third Party Advisory] https://www.vulncheck.com/advisories/request-serious-play-f-media-player-directory-traversal-file-disclosure

Scores

CVSS v4 8.7

EPSS 0.0008

EPSS Percentile 22.8%

CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N

CISA SSVC

Vulnrichment

Exploitation poc

Automatable yes

Technical Impact partial

Details

CWE

CWE-73

Status published

Products (5)

ReQuest Serious Play LLC/ReQuest Serious Play Media Player 1.5.1.820

ReQuest Serious Play LLC/ReQuest Serious Play Media Player 1.5.2.821

ReQuest Serious Play LLC/ReQuest Serious Play Media Player 1.5.2.822

ReQuest Serious Play LLC/ReQuest Serious Play Media Player 2.1.0.831

ReQuest Serious Play LLC/ReQuest Serious Play Media Player 3.0.0

Published Dec 05, 2025

Tracked Since Feb 18, 2026