CVE-2020-36877

🗓️ 05 Dec 2025 17:16:50Reported by VulnCheckType

cve🔗 web.nvd.nist.gov👁 9 Views🌐 WEB

Unauthenticated remote code execution in ReQuest Serious Play F3 Media Server 7.0.3 via Quick File Uploader.

Reporter	Title	Published	Views	Family All 9
Circl	CVE-2020-36877	5 Dec 202518:59	–	circl
CNNVD	ReQuest Serious Play F3 Media Server 操作系统命令注入漏洞	5 Dec 202500:00	–	cnnvd
Cvelist	CVE-2020-36877 ReQuest Serious Play F3 Media Server <= 7.0.3 code execution	5 Dec 202517:16	–	cvelist
EUVD	EUVD-2020-30827	5 Dec 202517:16	–	euvd
NVD	CVE-2020-36877	5 Dec 202518:15	–	nvd
Positive Technologies	PT-2025-49271	5 Dec 202500:00	–	ptsecurity
RedhatCVE	CVE-2020-36877	6 Dec 202517:54	–	redhatcve
Vulnrichment	CVE-2020-36877 ReQuest Serious Play F3 Media Server <= 7.0.3 code execution	5 Dec 202517:16	–	vulnrichment
Zero Science Lab	ReQuest Serious Play F3 Media Server 7.0.3 Unauthenticated Remote Code Execution	18 Oct 202000:00	–	zeroscience

Vulners

CNA

Node

request_serious_play request_serious_play_proMatch7.0.3.4968

request_serious_play request_serious_playMatch7.0.2.4954

request_serious_play request_serious_playMatch6.5.2.4954

request_serious_play request_serious_playMatch6.4.2.4681

request_serious_play request_serious_playMatch6.3.2.4203

request_serious_play request_serious_playMatch2.0.1.823

[
  {
    "defaultStatus": "unknown",
    "product": "ReQuest Serious Play Pro",
    "vendor": "ReQuest Serious Play LLC",
    "versions": [
      {
        "status": "affected",
        "version": "7.0.3.4968"
      }
    ]
  },
  {
    "defaultStatus": "unknown",
    "product": "ReQuest Serious Play",
    "vendor": "ReQuest Serious Play LLC",
    "versions": [
      {
        "status": "affected",
        "version": "7.0.2.4954"
      },
      {
        "status": "affected",
        "version": "6.5.2.4954"
      },
      {
        "status": "affected",
        "version": "6.4.2.4681"
      },
      {
        "status": "affected",
        "version": "6.3.2.4203"
      },
      {
        "status": "affected",
        "version": "2.0.1.823"
      }
    ]
  }
]

Source	Link
request	www.request.com/
vulncheck	www.vulncheck.com/advisories/request-serious-play-f-media-server-unauthenticated-rce
zeroscience	www.zeroscience.mk/en/vulnerabilities/ZSL-2020-5602.php
exploit-db	www.exploit-db.com/exploits/48952

Parameter	Position	Path	Description	CWE
uploadedfile	request body	tools/upload.html	Unauthenticated PHP file upload leading to remote code execution via the Quick File Uploader page.	CWE-78
location	request body	tools/upload.html	Unauthenticated PHP file upload leading to remote code execution via the Quick File Uploader page.	CWE-78
uploadedfile	request body	shared/upload.php	Backend endpoint receiving the uploaded PHP payload enabling remote code execution.	CWE-78
location	request body	shared/upload.php	Backend endpoint receiving the uploaded PHP payload enabling remote code execution.	CWE-78

17 Jun 2026 03:16Current

8.7High risk

Vulners AI Score8.7

CVSS 49.3

EPSS0.00605

SSVC

CWE-78