PT-2026-52175 · Drupal+1 · Geolocation Field+1
Christian Adamski
+6
·
Published
2026-06-24
·
Updated
2026-07-10
·
CVE-2026-13242
None
No severity ratings or metrics are available. When they are, we'll update the corresponding info on the page.
Name of the Vulnerable Software and Affected Versions
Drupal Geolocation Field versions 0.0.0 through 3.15.0
Description
An SQL injection issue exists in the Drupal Geolocation Field module, which provides functionality to store coordinates and supports views and other modules. The problem occurs because one of the views filters does not sufficiently sanitize values when they are exposed to user input. This allows for the improper neutralization of special elements used in an SQL command. The risk is limited to scenarios where a view is configured to use the affected filter and is set to accept user input.
Recommendations
Update Drupal Geolocation Field to a version later than 3.15.0.
SQL injection
Found an issue in the description? Have something to add? Feel free to write us 👾
Weakness Enumeration
Related Identifiers
Affected Products
Geolocation Field
Drupal/Geolocation