PT-2026-56661 · Drupal · Location Selector
Drew Webber
+3
·
Published
2026-07-08
·
Updated
2026-07-10
·
CVE-2026-15081
None
No severity ratings or metrics are available. When they are, we'll update the corresponding info on the page.
Name of the Vulnerable Software and Affected Versions
Location Selector versions 0.0.0 through 1.3.0
Description
An SQL injection issue exists in the Location Selector module, which provides a Views filter for selecting location values. A specific Views filter fails to sufficiently sanitize values derived from user input, allowing for the improper neutralization of special elements used in an SQL command. This issue is mitigated if no View using the affected filter is configured to accept user input.
Recommendations
Update Location Selector to a version later than 1.3.0.
SQL injection
Found an issue in the description? Have something to add? Feel free to write us 👾
Weakness Enumeration
Related Identifiers
Affected Products
Location Selector