Description

Talishar is a fan-made Flesh and Blood project. Prior to commit 6be3871, a Path Traversal vulnerability was identified in the gameName parameter. While the application's primary entry points implement input validation, the ParseGamestate.php component can be accessed directly as a standalone script. In this scenario, the absence of internal sanitization allows for directory traversal sequences (e.g., ../) to be processed, potentially leading to unauthorized file access. This issue has been patched in commit 6be3871.

INFO

Published Date :

2026-03-06T04:59:49.629Z

Last Modified :

2026-03-06T04:59:49.629Z

Source :

GitHub_M
AFFECTED PRODUCTS

The following products are affected by CVE-2026-28429 vulnerability.

No data.

REFERENCES

Here, you will find a curated list of external links that provide in-depth information to CVE-2026-28429.

URL Resource
https://github.com/Talishar/Talishar/commit/6be3871a14c192d1fb8146cdbc76f29f27c1cf48 cve-icon cve-icon
https://github.com/Talishar/Talishar/security/advisories/GHSA-f386-xhcw-jrx8 cve-icon cve-icon
Login to claim this CVE

CVSS Vulnerability Scoring System

Detailed values of each vector for above chart.
Attack Vector
Attack Complexity
Privileges Required
User Interaction
Scope
Confidentiality Impact
Integrity Impact
Availability Impact