{"id":"CVE-2025-54865","summary":"Tilesheets MediaWiki Extension is Vulnerable to Potential SQL Injection","details":"Tilesheets MediaWiki Extension adds a table lookup parser function for an item and returns the requested image. A missing backtick in a query executed by the Tilesheets extension allows users to insert and potentially execute malicious SQL code. This issue has not been fixed. Note that the affected range in this record nonetheless lists a fixed commit, so confirm the fix status against the upstream advisory before relying on either statement.","aliases":["GHSA-hqfr-7cm9-4h87"],"modified":"2026-04-02T12:54:05.037542Z","published":"2025-08-05T00:03:46.948Z","database_specific":{"osv_generated_from":"https://github.com/CVEProject/cvelistV5/tree/main/cves/2025/54xxx/CVE-2025-54865.json","cwe_ids":["CWE-89"],"cna_assigner":"GitHub_M"},"references":[{"type":"WEB","url":"https://github.com/FTB-Gamepedia/Tilesheets/blob/8debbf8ee6ddb02bf9c756bab5c085b007d72c50/special/SheetManager.php#L255"},{"type":"ADVISORY","url":"https://github.com/CVEProject/cvelistV5/tree/main/cves/2025/54xxx/CVE-2025-54865.json"},{"type":"ADVISORY","url":"https://github.com/FTB-Gamepedia/Tilesheets/security/advisories/GHSA-hqfr-7cm9-4h87"},{"type":"ADVISORY","url":"https://nvd.nist.gov/vuln/detail/CVE-2025-54865"}],"affected":[{"ranges":[{"type":"GIT","repo":"https://github.com/ftb-gamepedia/tilesheets","events":[{"introduced":"c813ad7fac0b02c8ce878ebfeae3d9536fc7cfc4"},{"fixed":"d74b80a1e2a7c4b753da52bbe05eb3035b308425"}]}],"versions":["5.0.1","5.0.2"],"database_specific":{"source":"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2025-54865.json"}}],"schema_version":"1.7.5","severity":[{"type":"CVSS_V3","score":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L"}]}