CVE-2025-54865
Published
CVSS v3
7.3
HIGH
CVSS v2
N/A
Affected
1
PROJECT
Description
Tilesheets MediaWiki Extension adds a table lookup parser function for an item and returns the requested image. A missing backtick in a query executed by the Tilesheets extension allows users to insert and potentially execute malicious SQL code. This issue has not been fixed.
Adds a parser function that looks up a table for an item and returns the requested image.
GitHub