Talishar: Critical Path Traversal in gameName Parameter

Talishar is a fan-made Flesh and Blood project. Prior to commit 6be3871, a Path Traversal vulnerability was identified in the gameName parameter. While the application's primary entry points implement input validation, the ParseGamestate.php component can be accessed directly as a standalone script. In this scenario, the absence of internal sanitization allows for directory traversal sequences (e.g., ../) to be processed, potentially leading to unauthorized file access. This issue has been patched in commit 6be3871.

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

对路径名的限制不恰当(路径遍历)

Talishar 路径遍历漏洞

Talishar是Talishar开源的一个游戏客户端。 Talishar 6be3871之前版本存在路径遍历漏洞，该漏洞源于ParseGamestate.php组件中gameName参数存在路径遍历，可能导致未经授权的文件访问。

N/A

N/A