CVE-2020-36877

critical

Description

ReQuest Serious Play F3 Media Server 7.0.3 contains an unauthenticated remote code execution vulnerability that allows attackers to execute arbitrary commands as the web server user. Attackers can upload PHP executable files via the Quick File Uploader page, resulting in remote code execution on the server.

References

https://www.zeroscience.mk/en/vulnerabilities/ZSL-2020-5602.php

https://www.vulncheck.com/advisories/request-serious-play-f-media-server-unauthenticated-rce

https://www.exploit-db.com/exploits/48952

http://request.com/

Details

Source: Mitre, NVD

Published: 2025-12-05

Updated: 2025-12-08

Risk Information

CVSS v2

Base Score: 7.5

Vector: CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P

Severity: High

CVSS v3

Base Score: 9.8

Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Severity: Critical

CVSS v4

Base Score: 9.3

Vector: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N

Severity: Critical

EPSS

EPSS: 0.00409