Search

Find a vulnerability

Search criteria

    2 vulnerabilities found for ReQuest Serious Play Media Player by ReQuest Serious Play LLC

    CVE-2020-36878 (GCVE-0-2020-36878)

    Vulnerability from nvd – Published: 2025-12-05 17:17 – Updated: 2026-04-07 14:04
    VLAI
    Title
    ReQuest Serious Play F3 Media Player <= 3.0.0 Directory Traversal File Disclosure
    Summary
    ReQuest Serious Play Media Player 3.0 contains an unauthenticated file disclosure vulnerability when input passed through the 'file' parameter in and script is not properly verified before being used to read web log files. Attackers can exploit this to disclose contents of files from local resources.
    SSVC
    Exploitation: poc Automatable: yes Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-73 - External Control of File Name or Path
    Assigner
    Impacted products
    Vendor Product Version
    ReQuest Serious Play LLC ReQuest Serious Play Media Player Affected: 3.0.0
    Affected: 2.1.0.831
    Affected: 1.5.2.822
    Affected: 1.5.2.821
    Affected: 1.5.1.820
    Create a notification for this product.
    Date Public
    2020-10-26 00:00
    Credits
    LiquidWorm, Gjoko 'LiquidWorm' Krstic @zeroscience
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2020-36878",
                    "options": [
                      {
                        "Exploitation": "poc"
                      },
                      {
                        "Automatable": "yes"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2025-12-08T17:40:42.657508Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2025-12-08T17:40:51.985Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "unaffected",
              "product": "ReQuest Serious Play Media Player",
              "vendor": "ReQuest Serious Play LLC",
              "versions": [
                {
                  "status": "affected",
                  "version": "3.0.0"
                },
                {
                  "status": "affected",
                  "version": "2.1.0.831"
                },
                {
                  "status": "affected",
                  "version": "1.5.2.822"
                },
                {
                  "status": "affected",
                  "version": "1.5.2.821"
                },
                {
                  "status": "affected",
                  "version": "1.5.1.820"
                }
              ]
            }
          ],
          "cpeApplicability": [
            {
              "nodes": [
                {
                  "cpeMatch": [
                    {
                      "criteria": "cpe:2.3:a:request:serious_play:3.0.0:*:*:*:*:*:*:*",
                      "vulnerable": true
                    },
                    {
                      "criteria": "cpe:2.3:a:request:serious_play:2.1.0.831:*:*:*:*:*:*:*",
                      "vulnerable": true
                    },
                    {
                      "criteria": "cpe:2.3:a:request:serious_play:1.5.2.822:*:*:*:*:*:*:*",
                      "vulnerable": true
                    },
                    {
                      "criteria": "cpe:2.3:a:request:serious_play:1.5.2.821:*:*:*:*:*:*:*",
                      "vulnerable": true
                    },
                    {
                      "criteria": "cpe:2.3:a:request:serious_play:1.5.1.820:*:*:*:*:*:*:*",
                      "vulnerable": true
                    }
                  ],
                  "negate": false,
                  "operator": "OR"
                }
              ],
              "operator": "OR"
            }
          ],
          "credits": [
            {
              "lang": "en",
              "type": "finder",
              "value": "LiquidWorm, Gjoko \u0027LiquidWorm\u0027 Krstic @zeroscience"
            }
          ],
          "datePublic": "2020-10-26T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "ReQuest Serious Play Media Player 3.0 contains an unauthenticated file disclosure vulnerability when input passed through the \u0027file\u0027 parameter in and script is not properly verified before being used to read web log files. Attackers can exploit this to disclose contents of files from local resources."
                }
              ],
              "value": "ReQuest Serious Play Media Player 3.0 contains an unauthenticated file disclosure vulnerability when input passed through the \u0027file\u0027 parameter in and script is not properly verified before being used to read web log files. Attackers can exploit this to disclose contents of files from local resources."
            }
          ],
          "metrics": [
            {
              "cvssV4_0": {
                "Automatable": "NOT_DEFINED",
                "Recovery": "NOT_DEFINED",
                "Safety": "NOT_DEFINED",
                "attackComplexity": "LOW",
                "attackRequirements": "NONE",
                "attackVector": "NETWORK",
                "baseScore": 8.7,
                "baseSeverity": "HIGH",
                "exploitMaturity": "NOT_DEFINED",
                "privilegesRequired": "NONE",
                "providerUrgency": "NOT_DEFINED",
                "subAvailabilityImpact": "NONE",
                "subConfidentialityImpact": "NONE",
                "subIntegrityImpact": "NONE",
                "userInteraction": "NONE",
                "valueDensity": "NOT_DEFINED",
                "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N",
                "version": "4.0",
                "vulnAvailabilityImpact": "NONE",
                "vulnConfidentialityImpact": "HIGH",
                "vulnIntegrityImpact": "NONE",
                "vulnerabilityResponseEffort": "NOT_DEFINED"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-73",
                  "description": "CWE-73 External Control of File Name or Path",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-04-07T14:04:58.371Z",
            "orgId": "83251b91-4cc7-4094-a5c7-464a1b83ea10",
            "shortName": "VulnCheck"
          },
          "references": [
            {
              "name": "Exploit Database Entry 48949",
              "tags": [
                "exploit"
              ],
              "url": "https://www.exploit-db.com/exploits/48949"
            },
            {
              "name": "Zero Science Advisory ZSL-2020-5599",
              "tags": [
                "vendor-advisory"
              ],
              "url": "https://www.zeroscience.mk/en/vulnerabilities/ZSL-2020-5599.php"
            },
            {
              "tags": [
                "third-party-advisory"
              ],
              "url": "https://www.vulncheck.com/advisories/request-serious-play-f-media-player-directory-traversal-file-disclosure"
            }
          ],
          "source": {
            "discovery": "UNKNOWN"
          },
          "title": "ReQuest Serious Play F3 Media Player \u003c= 3.0.0 Directory Traversal File Disclosure",
          "x_generator": {
            "engine": "vulncheck"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "83251b91-4cc7-4094-a5c7-464a1b83ea10",
        "assignerShortName": "VulnCheck",
        "cveId": "CVE-2020-36878",
        "datePublished": "2025-12-05T17:17:37.980Z",
        "dateReserved": "2025-12-05T12:03:54.239Z",
        "dateUpdated": "2026-04-07T14:04:58.371Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2020-36878 (GCVE-0-2020-36878)

    Vulnerability from cvelistv5 – Published: 2025-12-05 17:17 – Updated: 2026-04-07 14:04
    VLAI
    Title
    ReQuest Serious Play F3 Media Player <= 3.0.0 Directory Traversal File Disclosure
    Summary
    ReQuest Serious Play Media Player 3.0 contains an unauthenticated file disclosure vulnerability when input passed through the 'file' parameter in and script is not properly verified before being used to read web log files. Attackers can exploit this to disclose contents of files from local resources.
    SSVC
    Exploitation: poc Automatable: yes Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-73 - External Control of File Name or Path
    Assigner
    Impacted products
    Vendor Product Version
    ReQuest Serious Play LLC ReQuest Serious Play Media Player Affected: 3.0.0
    Affected: 2.1.0.831
    Affected: 1.5.2.822
    Affected: 1.5.2.821
    Affected: 1.5.1.820
    Create a notification for this product.
    Date Public
    2020-10-26 00:00
    Credits
    LiquidWorm, Gjoko 'LiquidWorm' Krstic @zeroscience
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2020-36878",
                    "options": [
                      {
                        "Exploitation": "poc"
                      },
                      {
                        "Automatable": "yes"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2025-12-08T17:40:42.657508Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2025-12-08T17:40:51.985Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "unaffected",
              "product": "ReQuest Serious Play Media Player",
              "vendor": "ReQuest Serious Play LLC",
              "versions": [
                {
                  "status": "affected",
                  "version": "3.0.0"
                },
                {
                  "status": "affected",
                  "version": "2.1.0.831"
                },
                {
                  "status": "affected",
                  "version": "1.5.2.822"
                },
                {
                  "status": "affected",
                  "version": "1.5.2.821"
                },
                {
                  "status": "affected",
                  "version": "1.5.1.820"
                }
              ]
            }
          ],
          "cpeApplicability": [
            {
              "nodes": [
                {
                  "cpeMatch": [
                    {
                      "criteria": "cpe:2.3:a:request:serious_play:3.0.0:*:*:*:*:*:*:*",
                      "vulnerable": true
                    },
                    {
                      "criteria": "cpe:2.3:a:request:serious_play:2.1.0.831:*:*:*:*:*:*:*",
                      "vulnerable": true
                    },
                    {
                      "criteria": "cpe:2.3:a:request:serious_play:1.5.2.822:*:*:*:*:*:*:*",
                      "vulnerable": true
                    },
                    {
                      "criteria": "cpe:2.3:a:request:serious_play:1.5.2.821:*:*:*:*:*:*:*",
                      "vulnerable": true
                    },
                    {
                      "criteria": "cpe:2.3:a:request:serious_play:1.5.1.820:*:*:*:*:*:*:*",
                      "vulnerable": true
                    }
                  ],
                  "negate": false,
                  "operator": "OR"
                }
              ],
              "operator": "OR"
            }
          ],
          "credits": [
            {
              "lang": "en",
              "type": "finder",
              "value": "LiquidWorm, Gjoko \u0027LiquidWorm\u0027 Krstic @zeroscience"
            }
          ],
          "datePublic": "2020-10-26T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "ReQuest Serious Play Media Player 3.0 contains an unauthenticated file disclosure vulnerability when input passed through the \u0027file\u0027 parameter in and script is not properly verified before being used to read web log files. Attackers can exploit this to disclose contents of files from local resources."
                }
              ],
              "value": "ReQuest Serious Play Media Player 3.0 contains an unauthenticated file disclosure vulnerability when input passed through the \u0027file\u0027 parameter in and script is not properly verified before being used to read web log files. Attackers can exploit this to disclose contents of files from local resources."
            }
          ],
          "metrics": [
            {
              "cvssV4_0": {
                "Automatable": "NOT_DEFINED",
                "Recovery": "NOT_DEFINED",
                "Safety": "NOT_DEFINED",
                "attackComplexity": "LOW",
                "attackRequirements": "NONE",
                "attackVector": "NETWORK",
                "baseScore": 8.7,
                "baseSeverity": "HIGH",
                "exploitMaturity": "NOT_DEFINED",
                "privilegesRequired": "NONE",
                "providerUrgency": "NOT_DEFINED",
                "subAvailabilityImpact": "NONE",
                "subConfidentialityImpact": "NONE",
                "subIntegrityImpact": "NONE",
                "userInteraction": "NONE",
                "valueDensity": "NOT_DEFINED",
                "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N",
                "version": "4.0",
                "vulnAvailabilityImpact": "NONE",
                "vulnConfidentialityImpact": "HIGH",
                "vulnIntegrityImpact": "NONE",
                "vulnerabilityResponseEffort": "NOT_DEFINED"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-73",
                  "description": "CWE-73 External Control of File Name or Path",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-04-07T14:04:58.371Z",
            "orgId": "83251b91-4cc7-4094-a5c7-464a1b83ea10",
            "shortName": "VulnCheck"
          },
          "references": [
            {
              "name": "Exploit Database Entry 48949",
              "tags": [
                "exploit"
              ],
              "url": "https://www.exploit-db.com/exploits/48949"
            },
            {
              "name": "Zero Science Advisory ZSL-2020-5599",
              "tags": [
                "vendor-advisory"
              ],
              "url": "https://www.zeroscience.mk/en/vulnerabilities/ZSL-2020-5599.php"
            },
            {
              "tags": [
                "third-party-advisory"
              ],
              "url": "https://www.vulncheck.com/advisories/request-serious-play-f-media-player-directory-traversal-file-disclosure"
            }
          ],
          "source": {
            "discovery": "UNKNOWN"
          },
          "title": "ReQuest Serious Play F3 Media Player \u003c= 3.0.0 Directory Traversal File Disclosure",
          "x_generator": {
            "engine": "vulncheck"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "83251b91-4cc7-4094-a5c7-464a1b83ea10",
        "assignerShortName": "VulnCheck",
        "cveId": "CVE-2020-36878",
        "datePublished": "2025-12-05T17:17:37.980Z",
        "dateReserved": "2025-12-05T12:03:54.239Z",
        "dateUpdated": "2026-04-07T14:04:58.371Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }