Tilesheets MediaWiki Extension is Vulnerable to Potential SQL Injection

August 4, 2025 invoker category_cve

CVE Details

Basic Information

Title Tilesheets MediaWiki Extension is Vulnerable to Potential SQL Injection
Type cve
Published 2025-08-05T00:03:46.948Z
Modified 2025-08-05T00:03:46.948Z

Product Information

Vendor FTB-Gamepedia
Product Tilesheets
Version <= 5.0.3

CVSS Information

Base Score 7.3 (HIGH)
Attack Vector CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L

AI Analysis

AI Description The Tilesheets MediaWiki Extension is vulnerable to SQL injection due to a missing backtick in a query, allowing potential execution of malicious SQL code.
AI Severity High
AI Vendor FTB-Gamepedia
AI Product Tilesheets MediaWiki Extension
AI Version 5.0.3 and earlier

Affected Products

  • FTB-Gamepedia Tilesheets <= 5.0.3

Additional Information

CWE List CWE-89
Source GitHub_M

Description

Tilesheets MediaWiki Extension adds a table lookup parser function for an item and returns the requested image. A missing backtick in a query executed by the Tilesheets extension allows users to insert and potentially execute malicious SQL code. This issue has not been fixed.

💭 Join the Security Discussion

🔒 Your email address will not be published. Required fields are marked *

⚠️ Please be respectful and constructive in your comments. Security discussions should remain professional.