CVE-2020-36878

EUVD-2020-30826
ReQuest Serious Play Media Player 3.0 contains an unauthenticated file disclosure vulnerability when input passed through the 'file' parameter in and script is not properly verified before being used to read web log files. Attackers can exploit this to disclose contents of files from local resources.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTPrimary
UNKNOWN
---
Awaiting analysis
This vulnerability is currently awaiting analysis.
Base Score
CVSS 3.x
EPSS Score
Percentile: 18%
Common Weakness Enumeration
References
https://www.exploit-db.com/exploits/48949
https://www.vulncheck.com/advisories/request-serious-play-f-media-player-directory-traversal-file-disclosure
https://www.zeroscience.mk/en/vulnerabilities/ZSL-2020-5599.php