SQL Injection Vulnerability in Drupal Location Selector Plugin
CVE-2026-15081

Currently unrated

Key Information:

Vendor

Drupal

Vendor
CVE Published:
10 July 2026

What is CVE-2026-15081?

The Drupal Location Selector plugin has been identified with a vulnerability that permits improper neutralization of special elements in SQL commands, leading to the potential execution of SQL injection attacks. This flaw affects Location Selector versions between 0.0.0 and 1.3.0, allowing attackers to manipulate database queries, which can result in unauthorized access to sensitive data or alter the database structure. It is crucial for users of affected versions to apply patches or updates to mitigate this risk.

Affected Version(s)

Location Selector 0.0.0 < 1.3.0

References

Timeline

  • Vulnerability published

  • Vulnerability Reserved

Credit

Drew Webber (mcdruid)
handkerchief
Greg Knaddison (greggles)
Drew Webber (mcdruid)
Juraj Nemec (poker10)
.