Back to search
CVE-2020-36877
Published: Dec 5, 2025
Modified: Apr 7, 2026
PUBLISHED
Description
ReQuest Serious Play F3 Media Server 7.0.3 contains an unauthenticated remote code execution vulnerability that allows attackers to execute arbitrary commands as the web server user. Attackers can upload PHP executable files via the Quick File Uploader page, resulting in remote code execution on the server.
| Vendor | Product | Versions |
|---|---|---|
ReQuest Serious Play LLC | ReQuest Serious Play Pro | affected 7.0.3.4968 |
ReQuest Serious Play LLC | ReQuest Serious Play | affected 7.0.2.4954affected 6.5.2.4954affected 6.4.2.4681affected 6.3.2.4203affected 2.0.1.823 |
Weaknesses (CWE)
References
Exploit Database Entry 48952
exploit
Vendor Security Advisory for ZSL-2020-5602
vendor-advisory
Official Product Homepage
product
Security Training
Train your team to recognize and prevent security threats with our comprehensive security awareness program.
Start TrainingVulnerability Scanning
Discover vulnerabilities in your applications and infrastructure before attackers do.
Scan Now