VDB
KO

DRUPAL-CONTRIB-2026-072

Details

The Location Selector module provides a Views filter for selecting location values.

One of the provided Views filters does not sufficiently sanitize values that may come from user input, resulting in a SQL injection vulnerability.

This vulnerability is mitigated by the fact that a View must exist that uses the affected filter and is configured to accept user input.

Are you affected?

Enter the version of the package you're using.

Affected packages

Packagist:https://packages.drupal.org/8 / drupal/location_selector
Introduced in: 0 Fixed in: 1.3.0

Upgrade drupal/location_selector to 1.3.0 or newer (ecosystem packagist:https://packages.drupal.org/8).

References