ReQuest Serious Play Media Player 3.0 File Disclosure / Path Traversal
Posted by deepcore on October 20, 2020 – 4:15 pm
ReQuest Serious Play Media Player version 3.0 suffers from an unauthenticated file disclosure vulnerability when input passed through the file parameter in tail.html and file.html script is not properly verified before being used to read web log files. This can be exploited to disclose contents of files from local resources.
Post a reply
You must be logged in to post a comment.