SQL Injection Vulnerability in Drupal Geolocation Field
CVE-2026-13242

Currently unrated

Key Information:

Vendor

Drupal

Vendor
CVE Published:
10 July 2026

What is CVE-2026-13242?

A vulnerability has been identified in the Drupal Geolocation Field, allowing attackers to execute arbitrary SQL queries via improperly sanitized input. This risk could lead to unauthorized access to sensitive data or manipulation of the database. The issue affects various versions of the Geolocation Field module, specifically from version 0.0.0 to 3.15.0. It is crucial for administrators to review and apply the latest updates to mitigate this threat.

Affected Version(s)

Geolocation Field 0.0.0 < 3.15.0

References

Timeline

  • Vulnerability published

  • Vulnerability Reserved

Credit

Michael Maturi (michaelmaturi)
Michael Maturi (michaelmaturi)
Christian Adamski (christianadamski)
cilefen (cilefen)
Neil Drumm (drumm)
Greg Knaddison (greggles)
Drew Webber (mcdruid)
Juraj Nemec (poker10)
.