CVE-2025-54865: CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') in FTB-Gamepedia Tilesheets
Tilesheets MediaWiki Extension adds a table lookup parser function for an item and returns the requested image. A missing backtick in a query executed by the Tilesheets extension allows users to insert and potentially execute malicious SQL code. This issue has not been fixed.
CVE-2025-54865: CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') in FTB-Gamepedia Tilesheets
Description
Tilesheets MediaWiki Extension adds a table lookup parser function for an item and returns the requested image. A missing backtick in a query executed by the Tilesheets extension allows users to insert and potentially execute malicious SQL code. This issue has not been fixed.
Technical Details
- Data Version
- 5.1
- Assigner Short Name
- GitHub_M
- Date Reserved
- 2025-07-31T17:23:33.472Z
- Cvss Version
- 3.1
- State
- PUBLISHED
Threat ID: 689154aead5a09ad00e467ff
Added to database: 8/5/2025, 12:47:42 AM
Last updated: 8/5/2025, 12:47:42 AM
Views: 1
Related Threats
CVE-2025-8537: Allocation of Resources in Axiomatic Bento4
MediumCVE-2025-8535: Cross Site Scripting in cronoh NanoVault
MediumCVE-2025-54871: CWE-284: Improper Access Control in steveseguin electroncapture
MediumCVE-2025-54870: CWE-636: Not Failing Securely ('Failing Open') in leakingmemory vtun-ng
HighCVE-2025-54804: CWE-190: Integer Overflow or Wraparound in Eugeny russh
MediumActions
Need enhanced features?
Contact root@offseq.com for Pro access with improved analysis and higher rate limits.