PT-2026-21847 · Talishar · Talishar
Qu0Kk4 · Published 2026-02-25 · Updated 2026-02-25 · CVE-2026-27632
CVSS v3.1: 3.1 (Low)
Vector: AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:L/A:N
Name of the Vulnerable Software and Affected Versions
Talishar versions prior to commit 6be3871a14c192d1fb8146cdbc76f29f27c1cf48
Description
The Talishar application does not have Cross-Site Request Forgery (CSRF) protections on critical endpoints that change application state. Specifically, the SubmitChat.php file and other game interaction handlers are affected. This allows malicious websites to forge requests on behalf of authenticated users, potentially leading to unauthorized actions within active game sessions. An attacker would need to know the gameName and playerID of the player, and the player would need to be browsing the malicious website while playing a game.
Recommendations
Update to commit 6be3871a14c192d1fb8146cdbc76f29f27c1cf48 or later.
Affected Products
Talishar