—
DRUPAL-CONTRIB-2026-062
Details
Geolocation modules adds a field to store coordinates and provides supporting plumbing for views and other modules.
One of the provided views filters does not sufficiently sanitize values if exposed to user input resulting in a SQL injection vulnerability.
This vulnerability is mitigated by the fact that a view must exist, that uses the aforementioned filter and it is set to accept user input.
Are you affected?
Enter the version of the package you're using.
Affected packages
Packagist:https://packages.drupal.org/8 / drupal/geolocation
Introduced in:
0 Fixed in: 3.15.0 Upgrade drupal/geolocation to 3.15.0 or newer (ecosystem packagist:https://packages.drupal.org/8).