PT-2025-49271 · Unknown · Request Serious Play F3 Media Server

Published 2025-12-05 · Updated 2025-12-05 · CVE-2020-36877

CVSS v4.0: 9.3 (Critical)

Vector: AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N

Name of the Vulnerable Software and Affected Versions

ReQuest Serious Play F3 Media Server version 7.0.3

Description

The software contains an unauthenticated remote code execution issue. Attackers can upload executable PHP files through the Quick File Uploader page, which leads to the execution of arbitrary commands as the web server user. The affected endpoint is the Quick File Uploader page, and the vulnerable parameter is the file uploaded through it.

Recommendations

At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Exploit

RCE

OS Command Injection

Weakness Enumeration

Related Identifiers

CVE-2020-36877

Affected Products

Request Serious Play F3 Media Server