CVE-2020-36877
BaseFortify
Publication date: 2025-12-05
Last updated on: 2025-12-08
Assigner: VulnCheck
Description
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| debian | debian_gnu/linux | 5.0 |
| apache | http_server | 2.2.22 |
| php | php | 5.4.45 |
| request | serious_play_f3_media_server | 6.4.2.4681 |
| request | serious_play_f3_media_server | 7.0.2.4954 |
| request | serious_play_f3_media_server | 6.5.2.4954 |
| request | serious_play_f3_media_server | 7.0.3 |
| request | serious_play_f3_media_server | 2.0.1.823 |
| apache | http_server | 2.2.9 |
| php | php | 5.2.6-1 |
| request | serious_play_f3_media_server | 6.3.2.4203 |
Exploitability
| CWE ID | Description |
|---|---|
| CWE-78 | The product constructs all or part of an OS command using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the intended OS command when it is sent to a downstream component. |
AI Powered Q&A
How can this vulnerability be detected on my network or system? Can you suggest some commands?
This vulnerability can be detected by checking for the presence of the vulnerable Quick File Uploader page at /tools/upload.html or /shared/upload.php on the ReQuest Serious Play F3 Media Server. One detection method involves verifying the presence of a specific string ("000000000000") in the /MP3/ directory listing on the server. Additionally, sending a crafted multipart/form-data POST request to upload a PHP file and checking the server response for the uploaded file can confirm vulnerability. A proof-of-concept Python3 script automates these steps, including verifying the target, uploading a PHP reverse shell payload, and confirming the upload. Network detection could involve monitoring for unusual POST requests to /tools/upload.html or /shared/upload.php containing PHP payloads. [1]
Can you explain this vulnerability to me?
This vulnerability exists in ReQuest Serious Play F3 Media Server 7.0.3 and allows an unauthenticated attacker to execute arbitrary commands on the server as the web server user. The attacker can upload PHP executable files through the Quick File Uploader page, which leads to remote code execution on the server.
How can this vulnerability impact me?
This vulnerability can allow attackers to take control of the affected server by executing arbitrary commands remotely without authentication. This can lead to unauthorized access, data theft, server manipulation, or further attacks within the network.
What immediate steps should I take to mitigate this vulnerability?
Immediate mitigation steps include restricting or disabling access to the Quick File Uploader pages (/tools/upload.html and /shared/upload.php) to prevent unauthenticated file uploads. Applying access controls or authentication to these endpoints can block unauthorized usage. Additionally, updating or patching the ReQuest Serious Play F3 Media Server to a version that addresses this vulnerability is recommended once available. Monitoring and blocking suspicious POST requests attempting to upload PHP files can also help reduce risk until a patch is applied. [1, 2, 3]