Search
Find a vulnerability
Search criteria
2 vulnerabilities found for ReQuest Serious Play Media Player by ReQuest Serious Play LLC
CVE-2020-36878 (GCVE-0-2020-36878)
Vulnerability from nvd – Published: 2025-12-05 17:17 – Updated: 2026-04-07 14:04
VLAI
EPSS
VEX
Title
ReQuest Serious Play F3 Media Player <= 3.0.0 Directory Traversal File Disclosure
Summary
ReQuest Serious Play Media Player 3.0 contains an unauthenticated file disclosure vulnerability when input passed through the 'file' parameter in and script is not properly verified before being used to read web log files. Attackers can exploit this to disclose contents of files from local resources.
Severity
SSVC
Exploitation: poc
Automatable: yes
Technical Impact: partial
CISA Coordinator (v2.0.3)
CWE
- CWE-73 - External Control of File Name or Path
Assigner
References
3 references
| URL | Tags |
|---|---|
| https://www.exploit-db.com/exploits/48949 | exploit |
| https://www.zeroscience.mk/en/vulnerabilities/ZSL… | vendor-advisory |
| https://www.vulncheck.com/advisories/request-seri… | third-party-advisory |
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| ReQuest Serious Play LLC | ReQuest Serious Play Media Player |
Affected:
3.0.0
Affected: 2.1.0.831 Affected: 1.5.2.822 Affected: 1.5.2.821 Affected: 1.5.1.820 |
Date Public
2020-10-26 00:00
Credits
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2020-36878",
"options": [
{
"Exploitation": "poc"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-12-08T17:40:42.657508Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-12-08T17:40:51.985Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "ReQuest Serious Play Media Player",
"vendor": "ReQuest Serious Play LLC",
"versions": [
{
"status": "affected",
"version": "3.0.0"
},
{
"status": "affected",
"version": "2.1.0.831"
},
{
"status": "affected",
"version": "1.5.2.822"
},
{
"status": "affected",
"version": "1.5.2.821"
},
{
"status": "affected",
"version": "1.5.1.820"
}
]
}
],
"cpeApplicability": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:request:serious_play:3.0.0:*:*:*:*:*:*:*",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:request:serious_play:2.1.0.831:*:*:*:*:*:*:*",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:request:serious_play:1.5.2.822:*:*:*:*:*:*:*",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:request:serious_play:1.5.2.821:*:*:*:*:*:*:*",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:request:serious_play:1.5.1.820:*:*:*:*:*:*:*",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "OR"
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "LiquidWorm, Gjoko \u0027LiquidWorm\u0027 Krstic @zeroscience"
}
],
"datePublic": "2020-10-26T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "ReQuest Serious Play Media Player 3.0 contains an unauthenticated file disclosure vulnerability when input passed through the \u0027file\u0027 parameter in and script is not properly verified before being used to read web log files. Attackers can exploit this to disclose contents of files from local resources."
}
],
"value": "ReQuest Serious Play Media Player 3.0 contains an unauthenticated file disclosure vulnerability when input passed through the \u0027file\u0027 parameter in and script is not properly verified before being used to read web log files. Attackers can exploit this to disclose contents of files from local resources."
}
],
"metrics": [
{
"cvssV4_0": {
"Automatable": "NOT_DEFINED",
"Recovery": "NOT_DEFINED",
"Safety": "NOT_DEFINED",
"attackComplexity": "LOW",
"attackRequirements": "NONE",
"attackVector": "NETWORK",
"baseScore": 8.7,
"baseSeverity": "HIGH",
"exploitMaturity": "NOT_DEFINED",
"privilegesRequired": "NONE",
"providerUrgency": "NOT_DEFINED",
"subAvailabilityImpact": "NONE",
"subConfidentialityImpact": "NONE",
"subIntegrityImpact": "NONE",
"userInteraction": "NONE",
"valueDensity": "NOT_DEFINED",
"vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N",
"version": "4.0",
"vulnAvailabilityImpact": "NONE",
"vulnConfidentialityImpact": "HIGH",
"vulnIntegrityImpact": "NONE",
"vulnerabilityResponseEffort": "NOT_DEFINED"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-73",
"description": "CWE-73 External Control of File Name or Path",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-04-07T14:04:58.371Z",
"orgId": "83251b91-4cc7-4094-a5c7-464a1b83ea10",
"shortName": "VulnCheck"
},
"references": [
{
"name": "Exploit Database Entry 48949",
"tags": [
"exploit"
],
"url": "https://www.exploit-db.com/exploits/48949"
},
{
"name": "Zero Science Advisory ZSL-2020-5599",
"tags": [
"vendor-advisory"
],
"url": "https://www.zeroscience.mk/en/vulnerabilities/ZSL-2020-5599.php"
},
{
"tags": [
"third-party-advisory"
],
"url": "https://www.vulncheck.com/advisories/request-serious-play-f-media-player-directory-traversal-file-disclosure"
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "ReQuest Serious Play F3 Media Player \u003c= 3.0.0 Directory Traversal File Disclosure",
"x_generator": {
"engine": "vulncheck"
}
}
},
"cveMetadata": {
"assignerOrgId": "83251b91-4cc7-4094-a5c7-464a1b83ea10",
"assignerShortName": "VulnCheck",
"cveId": "CVE-2020-36878",
"datePublished": "2025-12-05T17:17:37.980Z",
"dateReserved": "2025-12-05T12:03:54.239Z",
"dateUpdated": "2026-04-07T14:04:58.371Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2020-36878 (GCVE-0-2020-36878)
Vulnerability from cvelistv5 – Published: 2025-12-05 17:17 – Updated: 2026-04-07 14:04
VLAI
EPSS
VEX
Title
ReQuest Serious Play F3 Media Player <= 3.0.0 Directory Traversal File Disclosure
Summary
ReQuest Serious Play Media Player 3.0 contains an unauthenticated file disclosure vulnerability when input passed through the 'file' parameter in and script is not properly verified before being used to read web log files. Attackers can exploit this to disclose contents of files from local resources.
Severity
SSVC
Exploitation: poc
Automatable: yes
Technical Impact: partial
CISA Coordinator (v2.0.3)
CWE
- CWE-73 - External Control of File Name or Path
Assigner
References
3 references
| URL | Tags |
|---|---|
| https://www.exploit-db.com/exploits/48949 | exploit |
| https://www.zeroscience.mk/en/vulnerabilities/ZSL… | vendor-advisory |
| https://www.vulncheck.com/advisories/request-seri… | third-party-advisory |
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| ReQuest Serious Play LLC | ReQuest Serious Play Media Player |
Affected:
3.0.0
Affected: 2.1.0.831 Affected: 1.5.2.822 Affected: 1.5.2.821 Affected: 1.5.1.820 |
Date Public
2020-10-26 00:00
Credits
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2020-36878",
"options": [
{
"Exploitation": "poc"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-12-08T17:40:42.657508Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-12-08T17:40:51.985Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "ReQuest Serious Play Media Player",
"vendor": "ReQuest Serious Play LLC",
"versions": [
{
"status": "affected",
"version": "3.0.0"
},
{
"status": "affected",
"version": "2.1.0.831"
},
{
"status": "affected",
"version": "1.5.2.822"
},
{
"status": "affected",
"version": "1.5.2.821"
},
{
"status": "affected",
"version": "1.5.1.820"
}
]
}
],
"cpeApplicability": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:request:serious_play:3.0.0:*:*:*:*:*:*:*",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:request:serious_play:2.1.0.831:*:*:*:*:*:*:*",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:request:serious_play:1.5.2.822:*:*:*:*:*:*:*",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:request:serious_play:1.5.2.821:*:*:*:*:*:*:*",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:request:serious_play:1.5.1.820:*:*:*:*:*:*:*",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "OR"
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "LiquidWorm, Gjoko \u0027LiquidWorm\u0027 Krstic @zeroscience"
}
],
"datePublic": "2020-10-26T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "ReQuest Serious Play Media Player 3.0 contains an unauthenticated file disclosure vulnerability when input passed through the \u0027file\u0027 parameter in and script is not properly verified before being used to read web log files. Attackers can exploit this to disclose contents of files from local resources."
}
],
"value": "ReQuest Serious Play Media Player 3.0 contains an unauthenticated file disclosure vulnerability when input passed through the \u0027file\u0027 parameter in and script is not properly verified before being used to read web log files. Attackers can exploit this to disclose contents of files from local resources."
}
],
"metrics": [
{
"cvssV4_0": {
"Automatable": "NOT_DEFINED",
"Recovery": "NOT_DEFINED",
"Safety": "NOT_DEFINED",
"attackComplexity": "LOW",
"attackRequirements": "NONE",
"attackVector": "NETWORK",
"baseScore": 8.7,
"baseSeverity": "HIGH",
"exploitMaturity": "NOT_DEFINED",
"privilegesRequired": "NONE",
"providerUrgency": "NOT_DEFINED",
"subAvailabilityImpact": "NONE",
"subConfidentialityImpact": "NONE",
"subIntegrityImpact": "NONE",
"userInteraction": "NONE",
"valueDensity": "NOT_DEFINED",
"vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N",
"version": "4.0",
"vulnAvailabilityImpact": "NONE",
"vulnConfidentialityImpact": "HIGH",
"vulnIntegrityImpact": "NONE",
"vulnerabilityResponseEffort": "NOT_DEFINED"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-73",
"description": "CWE-73 External Control of File Name or Path",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-04-07T14:04:58.371Z",
"orgId": "83251b91-4cc7-4094-a5c7-464a1b83ea10",
"shortName": "VulnCheck"
},
"references": [
{
"name": "Exploit Database Entry 48949",
"tags": [
"exploit"
],
"url": "https://www.exploit-db.com/exploits/48949"
},
{
"name": "Zero Science Advisory ZSL-2020-5599",
"tags": [
"vendor-advisory"
],
"url": "https://www.zeroscience.mk/en/vulnerabilities/ZSL-2020-5599.php"
},
{
"tags": [
"third-party-advisory"
],
"url": "https://www.vulncheck.com/advisories/request-serious-play-f-media-player-directory-traversal-file-disclosure"
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "ReQuest Serious Play F3 Media Player \u003c= 3.0.0 Directory Traversal File Disclosure",
"x_generator": {
"engine": "vulncheck"
}
}
},
"cveMetadata": {
"assignerOrgId": "83251b91-4cc7-4094-a5c7-464a1b83ea10",
"assignerShortName": "VulnCheck",
"cveId": "CVE-2020-36878",
"datePublished": "2025-12-05T17:17:37.980Z",
"dateReserved": "2025-12-05T12:03:54.239Z",
"dateUpdated": "2026-04-07T14:04:58.371Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}