Intel

AIKIDO-2026-64960

drupal/geolocation is vulnerable to SQL Injection

SQL InjectionCVE-2026-13242 Published Jun 25, 2026

95

Critical Risk

This Affects:

PHPdrupal/geolocation
0.0.1 - 3.14.0
Fixed in 3.15.0
Are you affected? Scan for Free

TL;DR

The Drupal Geolocation module contains a SQL injection vulnerability due to insufficient sanitization in an exposed Views filter. The issue only affects sites with a View that uses the vulnerable filter and is configured to accept user-supplied input.

Who does this affect?

You are affected if you are using a version that falls within the vulnerable range.

Background info

drupal/geolocation is vulnerable to SQL Injection in versions 0.0.1 - 3.14.0.

How to fix this

Upgrade the drupal/geolocation library to the patch version.