Description

ReQuest Serious Play Media Player 3.0 contains an unauthenticated file disclosure vulnerability when input passed through the 'file' parameter in and script is not properly verified before being used to read web log files. Attackers can exploit this to disclose contents of files from local resources.

PUBLISHED Reserved 2025-12-05 | Published 2025-12-05 | Updated 2025-12-05 | Assigner VulnCheck




HIGH: 8.7 (CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N)

Problem types

CWE-73 External Control of File Name or Path

Product status

Default status: unaffected

3.0.0: affected
2.1.0.831: affected
1.5.2.822: affected
1.5.2.821: affected
1.5.1.820: affected

Credits

LiquidWorm, Gjoko 'LiquidWorm' Krstic @zeroscience finder

References

www.exploit-db.com/exploits/48949 (Exploit Database Entry 48949) exploit

www.zeroscience.mk/en/vulnerabilities/ZSL-2020-5599.php (Zero Science Advisory ZSL-2020-5599) vendor-advisory

www.vulncheck.com/...yer-directory-traversal-file-disclosure third-party-advisory

cve.org (CVE-2020-36878)

nvd.nist.gov (CVE-2020-36878)