PT-2025-49272 · Unknown · Request Serious Play Media Player
Published
2025-12-05
·
Updated
2025-12-05
·
CVE-2020-36878
CVSS v4.0
8.7
High
| Vector | AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X |
Name of the Vulnerable Software and Affected Versions
ReQuest Serious Play Media Player version 3.0
Description
The software contains an unauthenticated file disclosure issue. Input provided through the
file parameter is not sufficiently verified before being used to read web log files. This could allow attackers to disclose the contents of local files. The vulnerable parameter is file.Recommendations
Ensure proper verification of input passed through the
file parameter.Exploit
Fix
Found an issue in the description? Have something to add? Feel free to write us 👾
Weakness Enumeration
Related Identifiers
Affected Products
Request Serious Play Media Player