Name of the Vulnerable Software and Affected Versions:

Tilesheets MediaWiki Extension (affected versions not specified)

Description:

The Tilesheets MediaWiki Extension includes a table lookup parser function that retrieves images based on item requests. A missing backtick in a query executed by the extension allows for the potential insertion and execution of malicious SQL code.

Recommendations:

At the moment, there is no information about a newer version that contains a fix for this vulnerability.