Description
Talishar is a fan-made Flesh and Blood project. Prior to commit 6be3871, a Path Traversal vulnerability was identified in the gameName parameter. While the application's primary entry points implement input validation, the ParseGamestate.php component can be accessed directly as a standalone script. In this scenario, the absence of internal sanitization allows for directory traversal sequences (e.g., ../) to be processed, potentially leading to unauthorized file access. This issue has been patched in commit 6be3871.
References (2)
Core 2
Core References
Vendor Advisory x_refsource_confirm
https://github.com/Talishar/Talishar/security/advisories/GHSA-f386-xhcw-jrx8
Scores
CVSS v3
7.5
EPSS
0.0043
EPSS Percentile
63.0%
Attack Vector
NETWORK
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
CISA SSVC
Vulnrichment
Exploitation
poc
Automatable
yes
Technical Impact
partial
Details
CWE
CWE-22
Status
published
Products (2)
talishar/talishar
< 2026-02-22
Talishar/Talishar
< 6be3871a14c192d1fb8146cdbc76f29f27c1cf48
Published
Mar 06, 2026
Tracked Since
Mar 06, 2026