Search criteria
2 vulnerabilities found for ReQuest Serious Play Media Player by ReQuest Serious Play LLC
CVE-2020-36878 (GCVE-0-2020-36878)
Vulnerability from cvelistv5 – Published: 2025-12-05 17:17 – Updated: 2025-12-08 17:40
VLAI?
Title
ReQuest Serious Play F3 Media Player <= 3.0.0 Directory Traversal File Disclosure
Summary
ReQuest Serious Play Media Player 3.0 contains an unauthenticated file disclosure vulnerability when input passed through the 'file' parameter in and script is not properly verified before being used to read web log files. Attackers can exploit this to disclose contents of files from local resources.
Severity ?
CWE
- CWE-73 - External Control of File Name or Path
Assigner
References
| URL | Tags | ||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| ReQuest Serious Play LLC | ReQuest Serious Play Media Player |
Affected:
3.0.0
Affected: 2.1.0.831 Affected: 1.5.2.822 Affected: 1.5.2.821 Affected: 1.5.1.820 |
Credits
LiquidWorm, Gjoko 'LiquidWorm' Krstic @zeroscience
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2020-36878",
"options": [
{
"Exploitation": "poc"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-12-08T17:40:42.657508Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-12-08T17:40:51.985Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "ReQuest Serious Play Media Player",
"vendor": "ReQuest Serious Play LLC",
"versions": [
{
"status": "affected",
"version": "3.0.0"
},
{
"status": "affected",
"version": "2.1.0.831"
},
{
"status": "affected",
"version": "1.5.2.822"
},
{
"status": "affected",
"version": "1.5.2.821"
},
{
"status": "affected",
"version": "1.5.1.820"
}
]
}
],
"cpeApplicability": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:request:serious_play:3.0.0:*:*:*:*:*:*:*",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:request:serious_play:2.1.0.831:*:*:*:*:*:*:*",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:request:serious_play:1.5.2.822:*:*:*:*:*:*:*",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:request:serious_play:1.5.2.821:*:*:*:*:*:*:*",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:request:serious_play:1.5.1.820:*:*:*:*:*:*:*",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "OR"
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "LiquidWorm, Gjoko \u0027LiquidWorm\u0027 Krstic @zeroscience"
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "ReQuest Serious Play Media Player 3.0 contains an unauthenticated file disclosure vulnerability when input passed through the \u0027file\u0027 parameter in and script is not properly verified before being used to read web log files. Attackers can exploit this to disclose contents of files from local resources."
}
],
"value": "ReQuest Serious Play Media Player 3.0 contains an unauthenticated file disclosure vulnerability when input passed through the \u0027file\u0027 parameter in and script is not properly verified before being used to read web log files. Attackers can exploit this to disclose contents of files from local resources."
}
],
"metrics": [
{
"cvssV4_0": {
"Automatable": "NOT_DEFINED",
"Recovery": "NOT_DEFINED",
"Safety": "NOT_DEFINED",
"attackComplexity": "LOW",
"attackRequirements": "NONE",
"attackVector": "NETWORK",
"baseScore": 8.7,
"baseSeverity": "HIGH",
"exploitMaturity": "NOT_DEFINED",
"privilegesRequired": "NONE",
"providerUrgency": "NOT_DEFINED",
"subAvailabilityImpact": "NONE",
"subConfidentialityImpact": "NONE",
"subIntegrityImpact": "NONE",
"userInteraction": "NONE",
"valueDensity": "NOT_DEFINED",
"vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N",
"version": "4.0",
"vulnAvailabilityImpact": "NONE",
"vulnConfidentialityImpact": "HIGH",
"vulnIntegrityImpact": "NONE",
"vulnerabilityResponseEffort": "NOT_DEFINED"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-73",
"description": "CWE-73 External Control of File Name or Path",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-12-05T17:17:37.980Z",
"orgId": "83251b91-4cc7-4094-a5c7-464a1b83ea10",
"shortName": "VulnCheck"
},
"references": [
{
"name": "Exploit Database Entry 48949",
"tags": [
"exploit"
],
"url": "https://www.exploit-db.com/exploits/48949"
},
{
"name": "Zero Science Advisory ZSL-2020-5599",
"tags": [
"vendor-advisory"
],
"url": "https://www.zeroscience.mk/en/vulnerabilities/ZSL-2020-5599.php"
},
{
"tags": [
"third-party-advisory"
],
"url": "https://www.vulncheck.com/advisories/request-serious-play-f-media-player-directory-traversal-file-disclosure"
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "ReQuest Serious Play F3 Media Player \u003c= 3.0.0 Directory Traversal File Disclosure",
"x_generator": {
"engine": "vulncheck"
}
}
},
"cveMetadata": {
"assignerOrgId": "83251b91-4cc7-4094-a5c7-464a1b83ea10",
"assignerShortName": "VulnCheck",
"cveId": "CVE-2020-36878",
"datePublished": "2025-12-05T17:17:37.980Z",
"dateReserved": "2025-12-05T12:03:54.239Z",
"dateUpdated": "2025-12-08T17:40:51.985Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2020-36878 (GCVE-0-2020-36878)
Vulnerability from nvd – Published: 2025-12-05 17:17 – Updated: 2025-12-08 17:40
VLAI?
Title
ReQuest Serious Play F3 Media Player <= 3.0.0 Directory Traversal File Disclosure
Summary
ReQuest Serious Play Media Player 3.0 contains an unauthenticated file disclosure vulnerability when input passed through the 'file' parameter in and script is not properly verified before being used to read web log files. Attackers can exploit this to disclose contents of files from local resources.
Severity ?
CWE
- CWE-73 - External Control of File Name or Path
Assigner
References
| URL | Tags | ||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| ReQuest Serious Play LLC | ReQuest Serious Play Media Player |
Affected:
3.0.0
Affected: 2.1.0.831 Affected: 1.5.2.822 Affected: 1.5.2.821 Affected: 1.5.1.820 |
Credits
LiquidWorm, Gjoko 'LiquidWorm' Krstic @zeroscience
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2020-36878",
"options": [
{
"Exploitation": "poc"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-12-08T17:40:42.657508Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-12-08T17:40:51.985Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "ReQuest Serious Play Media Player",
"vendor": "ReQuest Serious Play LLC",
"versions": [
{
"status": "affected",
"version": "3.0.0"
},
{
"status": "affected",
"version": "2.1.0.831"
},
{
"status": "affected",
"version": "1.5.2.822"
},
{
"status": "affected",
"version": "1.5.2.821"
},
{
"status": "affected",
"version": "1.5.1.820"
}
]
}
],
"cpeApplicability": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:request:serious_play:3.0.0:*:*:*:*:*:*:*",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:request:serious_play:2.1.0.831:*:*:*:*:*:*:*",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:request:serious_play:1.5.2.822:*:*:*:*:*:*:*",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:request:serious_play:1.5.2.821:*:*:*:*:*:*:*",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:request:serious_play:1.5.1.820:*:*:*:*:*:*:*",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "OR"
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "LiquidWorm, Gjoko \u0027LiquidWorm\u0027 Krstic @zeroscience"
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "ReQuest Serious Play Media Player 3.0 contains an unauthenticated file disclosure vulnerability when input passed through the \u0027file\u0027 parameter in and script is not properly verified before being used to read web log files. Attackers can exploit this to disclose contents of files from local resources."
}
],
"value": "ReQuest Serious Play Media Player 3.0 contains an unauthenticated file disclosure vulnerability when input passed through the \u0027file\u0027 parameter in and script is not properly verified before being used to read web log files. Attackers can exploit this to disclose contents of files from local resources."
}
],
"metrics": [
{
"cvssV4_0": {
"Automatable": "NOT_DEFINED",
"Recovery": "NOT_DEFINED",
"Safety": "NOT_DEFINED",
"attackComplexity": "LOW",
"attackRequirements": "NONE",
"attackVector": "NETWORK",
"baseScore": 8.7,
"baseSeverity": "HIGH",
"exploitMaturity": "NOT_DEFINED",
"privilegesRequired": "NONE",
"providerUrgency": "NOT_DEFINED",
"subAvailabilityImpact": "NONE",
"subConfidentialityImpact": "NONE",
"subIntegrityImpact": "NONE",
"userInteraction": "NONE",
"valueDensity": "NOT_DEFINED",
"vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N",
"version": "4.0",
"vulnAvailabilityImpact": "NONE",
"vulnConfidentialityImpact": "HIGH",
"vulnIntegrityImpact": "NONE",
"vulnerabilityResponseEffort": "NOT_DEFINED"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-73",
"description": "CWE-73 External Control of File Name or Path",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-12-05T17:17:37.980Z",
"orgId": "83251b91-4cc7-4094-a5c7-464a1b83ea10",
"shortName": "VulnCheck"
},
"references": [
{
"name": "Exploit Database Entry 48949",
"tags": [
"exploit"
],
"url": "https://www.exploit-db.com/exploits/48949"
},
{
"name": "Zero Science Advisory ZSL-2020-5599",
"tags": [
"vendor-advisory"
],
"url": "https://www.zeroscience.mk/en/vulnerabilities/ZSL-2020-5599.php"
},
{
"tags": [
"third-party-advisory"
],
"url": "https://www.vulncheck.com/advisories/request-serious-play-f-media-player-directory-traversal-file-disclosure"
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "ReQuest Serious Play F3 Media Player \u003c= 3.0.0 Directory Traversal File Disclosure",
"x_generator": {
"engine": "vulncheck"
}
}
},
"cveMetadata": {
"assignerOrgId": "83251b91-4cc7-4094-a5c7-464a1b83ea10",
"assignerShortName": "VulnCheck",
"cveId": "CVE-2020-36878",
"datePublished": "2025-12-05T17:17:37.980Z",
"dateReserved": "2025-12-05T12:03:54.239Z",
"dateUpdated": "2025-12-08T17:40:51.985Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}