CVE-2025-54865 Information

Description

Tilesheets MediaWiki Extension adds a table lookup parser function for an item and returns the requested image. A missing backtick in a query executed by the Tilesheets extension allows users to insert and potentially execute malicious SQL code. This issue has not been fixed.

Reference

https://github.com/FTB-Gamepedia/Tilesheets/blob/8debbf8ee6ddb02bf9c756bab5c085b007d72c50/special/SheetManager.php#L255 https://github.com/FTB-Gamepedia/Tilesheets/security/advisories/GHSA-hqfr-7cm9-4h87

Related CNNVD

CNNVD-202508-292 (Published: 2025-08-05)