CVE-2020-36878

High CVSS: 8.7

ReQuest Serious Play Media Player 3.0 contains an unauthenticated file disclosure vulnerability when input passed through the 'file' parameter in and script is not properly verified before being used to read web log files. Attackers can exploit this to disclose contents of files from local resources.

Vendor

Product

CWE

CWE-73

Yayın Tarihi

2025-12-05 18:15:53

Güncelleme

2025-12-08 18:26:49

Source Identifier

disclosure@vulncheck.com

KEV Date Added

Kategoriler

CWE-73 HIGH 2025

Referanslar

https://www.exploit-db.com/exploits/48949 https://www.vulncheck.com/advisories/request-serious-play-f-media-player-directory-traversal-file-disclosure https://www.zeroscience.mk/en/vulnerabilities/ZSL-2020-5599.php