CVE-2020-36877

ReQuest Serious Play F3 Media Server <= 7.0.3 code execution

Description

ReQuest Serious Play F3 Media Server 7.0.3 contains an unauthenticated remote code execution vulnerability that allows attackers to execute arbitrary commands as the web server user. Attackers can upload PHP executable files via the Quick File Uploader page, resulting in remote code execution on the server.

INFO

Published Date :

2025-12-05T17:16:50.376Z

Last Modified :

2026-04-07T14:04:57.540Z

Source :

VulnCheck

AFFECTED PRODUCTS

The following products are affected by CVE-2020-36877 vulnerability.

Vendors	Products
Request	Serious Play Pro

REFERENCES

Here, you will find a curated list of external links that provide in-depth information to CVE-2020-36877.

URL	Resource
http://request.com/
https://www.exploit-db.com/exploits/48952
https://www.vulncheck.com/advisories/request-serious-play-f-media-server-unauthenticated-rce
https://www.zeroscience.mk/en/vulnerabilities/ZSL-2020-5602.php

CVSS Vulnerability Scoring System

Detailed values of each vector for above chart.

Attack Vector

Attack Complexity

Attack Requirements

Privileges Required

User Interaction

VS Confidentiality

VS Integrity

VS Availability

SS Confidentiality

SS Integrity

SS Availability