SQL Injection Vulnerability in Drupal Location Selector Plugin
CVE-2026-15081
Currently unrated
What is CVE-2026-15081?
The Drupal Location Selector plugin has been identified with a vulnerability that permits improper neutralization of special elements in SQL commands, leading to the potential execution of SQL injection attacks. This flaw affects Location Selector versions between 0.0.0 and 1.3.0, allowing attackers to manipulate database queries, which can result in unauthorized access to sensitive data or alter the database structure. It is crucial for users of affected versions to apply patches or updates to mitigate this risk.
Affected Version(s)
Location Selector 0.0.0 < 1.3.0
