A Path Traversal vulnerability was discovered in Talishar, a fan-made Flesh and Blood project. The vulnerability exists in the gameName parameter of the ParseGamestate.php component, which can be accessed directly as a standalone script. The absence of internal sanitization allows directory traversal sequences (../) to be processed, potentially leading to unauthorized file access. While the application's primary entry points implement input validation, this component bypasses those protections when accessed directly. The issue has been patched in commit 6be3871.