PT-2026-56661 · Drupal · Location Selector

Drew Webber

+3

·

Published

2026-07-08

·

Updated

2026-07-10

·

CVE-2026-15081

None

No severity ratings or metrics are available. When they are, we'll update the corresponding info on the page.
Name of the Vulnerable Software and Affected Versions Location Selector versions 0.0.0 through 1.3.0
Description An SQL injection issue exists in the Location Selector module, which provides a Views filter for selecting location values. A specific Views filter fails to sufficiently sanitize values derived from user input, allowing for the improper neutralization of special elements used in an SQL command. This issue is mitigated if no View using the affected filter is configured to accept user input.
Recommendations Update Location Selector to a version later than 1.3.0.

SQL injection

Found an issue in the description? Have something to add? Feel free to write us 👾

Weakness Enumeration

Related Identifiers

CVE-2026-15081
DRUPAL-CONTRIB-2026-072

Affected Products

Location Selector