Tilesheets 5.0.1-5.0.3 - SQL Injection via Missing Backtick in Query
Tilesheets MediaWiki Extension adds a table lookup parser function for an item and returns the requested image. A missing backtick in a query executed by the Tilesheets extension allows users to insert and potentially execute malicious SQL code. This issue has not been fixed.