CVE-2020-36877

UNKNOWN 0.0

ReQuest Serious Play F3 Media Server <= 7.0.3 code execution

CVSS Score

0.0

EPSS Score

0.0%

EPSS Percentile

0th

ReQuest Serious Play F3 Media Server 7.0.3 contains an unauthenticated remote code execution vulnerability that allows attackers to execute arbitrary commands as the web server user. Attackers can upload PHP executable files via the Quick File Uploader page, resulting in remote code execution on the server.

CWE	CWE-78
Vendor	request serious play llc
Product	request serious play pro
Published	Dec 5, 2025
Last Updated	Apr 7, 2026

Stay Ahead of the Next One

Get instant alerts for request serious play llc request serious play pro

Be the first to know when new unknown vulnerabilities affecting request serious play llc request serious play pro are published — delivered to Slack, Telegram or Discord.

Get Free Alerts → Free · No credit card · 60 sec setup

Affected Versions

ReQuest Serious Play LLC / ReQuest Serious Play Pro

7.0.3.4968

ReQuest Serious Play LLC / ReQuest Serious Play

7.0.2.4954 6.5.2.4954 6.4.2.4681 6.3.2.4203 2.0.1.823

References

NVD ↗ CVE.org ↗ EPSS Data ↗

exploit-db.com: https://www.exploit-db.com/exploits/48952 zeroscience.mk: https://www.zeroscience.mk/en/vulnerabilities/ZSL-2020-5602.php request.com: http://request.com/ vulncheck.com: https://www.vulncheck.com/advisories/request-serious-play-f-media-server-unauthenticated-rce

Credits

LiquidWorm, Gjoko 'LiquidWorm' Krstic, Macedonian Information Security Research and Development Laboratory, Zero Science Lab - https://www.zeroscience.mk - @zeroscience