CNNVD-202508-292 Information
CNNVD ID
CNNVD-202508-292
Related CVE
- CNNVD Published: 2025-08-05
Description (Chinese)
Tilesheets MediaWiki Extension是Official FTB Wiki开源的一个MediaWiki的扩展。 Tilesheets MediaWiki Extension存在SQL注入漏洞,该漏洞源于查询缺少反引号,可能导致SQL注入攻击。
Description (English)
Tilesheets MediaWiki Extension is an extension of MediaWiki from the Open Source of Official FTB Wiki. Tilesheets MediaWiki Extension has an injection loophole in SQL, which stems from the lack of an inverted quote for the query, which could lead to an attack on SQL.
Hazard Level
High
Vulnerability Type
SQL注入
Affected Vendor
Official FTB Wiki
Published
2025-08-05
Last Modified
2026-02-24
References
https://github.com/FTB-Gamepedia/Tilesheets/security/advisories/GHSA-hqfr-7cm9-4h87 https://github.com/FTB-Gamepedia/Tilesheets/blob/8debbf8ee6ddb02bf9c756bab5c085b007d72c50/special/SheetManager.php#L255 https://access.redhat.com/security/cve/cve-2025-54865
Patch
https://github.com/FTB-Gamepedia/Tilesheets/tags
Share on: