CVE-2020-36878

Vulnerability Description

ReQuest Serious Play Media Player 3.0 contains an unauthenticated file disclosure vulnerability when input passed through the 'file' parameter in and script is not properly verified before being used to read web log files. Attackers can exploit this to disclose contents of files from local resources.

Related Weaknesses (CWE)

CWE-73

References

https://www.exploit-db.com/exploits/48949
https://www.vulncheck.com/advisories/request-serious-play-f-media-player-directo
https://www.zeroscience.mk/en/vulnerabilities/ZSL-2020-5599.php

FAQ

What is CVE-2020-36878?

CVE-2020-36878 is a documented vulnerability. ReQuest Serious Play Media Player 3.0 contains an unauthenticated file disclosure vulnerability when input passed through the 'file' parameter in and script is not properly verified before being used ...

How severe is CVE-2020-36878?

CVSS scoring is not yet available for CVE-2020-36878. Check NVD for updates.

Is there a patch for CVE-2020-36878?

Check the references section above for vendor advisories and patch information. Review vendor security bulletins for remediation guidance.