PT-2026-23649 · Talishar · Talishar
Published
2026-03-06
·
Updated
2026-03-11
·
CVE-2026-28429
CVSS v3.1
7.5
High
| Vector | AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N |
Name of the Vulnerable Software and Affected Versions
Talishar versions prior to commit 6be3871
Description
A Path Traversal issue exists in Talishar, a fan-made Flesh and Blood project. The
gameName parameter is susceptible to directory traversal sequences (e.g., ../) due to a lack of internal sanitization within the ParseGamestate.php component when accessed directly as a standalone script. This could allow for unauthorized file access.Recommendations
Update to commit 6be3871 or later to address this issue.
Exploit
Fix
Path traversal
Found an issue in the description? Have something to add? Feel free to write us 👾
Weakness Enumeration
Related Identifiers
Affected Products
Talishar