—
DRUPAL-CONTRIB-2026-072
Details
The Location Selector module provides a Views filter for selecting location values.
One of the provided Views filters does not sufficiently sanitize values that may come from user input, resulting in a SQL injection vulnerability.
This vulnerability is mitigated by the fact that a View must exist that uses the affected filter and is configured to accept user input.
Are you affected?
Enter the version of the package you're using.
Affected packages
Packagist:https://packages.drupal.org/8 / drupal/location_selector
Introduced in:
0 Fixed in: 1.3.0 Upgrade drupal/location_selector to 1.3.0 or newer (ecosystem packagist:https://packages.drupal.org/8).