Intel

AIKIDO-2026-783242

drupal/location_selector is vulnerable to SQL Injection

SQL InjectionCVE-2026-15081 Published 3 days ago

85

High Risk

This Affects:

PHPdrupal/location_selector
1.0.0 - 1.2.0
Fixed in 1.3.0
Are you affected? Scan for Free

TL;DR

The Location Selector module provides a Views filter for selecting location values. One of the provided Views filters does not sufficiently sanitize values that may come from user input, resulting in a SQL injection vulnerability.

Who does this affect?

You are affected if you are using a version that falls within the vulnerable range.

Background info

drupal/location_selector is vulnerable to SQL Injection in versions 1.0.0 - 1.2.0.

How to fix this

Upgrade the drupal/location_selector module to the patch version.