{"id":"DRUPAL-CONTRIB-2026-072","details":"The Location Selector module provides a Views filter for selecting location values.\n\nOne of the provided Views filters does not sufficiently sanitize values that may come from user input, resulting in a SQL injection vulnerability.\n\nThis vulnerability is mitigated by the fact that a View must exist that uses the affected filter and is configured to accept user input.","aliases":["CVE-2026-15081"],"modified":"2026-07-08T19:00:04.885454069Z","published":"2026-07-08T17:14:27Z","references":[{"type":"WEB","url":"https://www.drupal.org/sa-contrib-2026-072"}],"affected":[{"package":{"name":"drupal/location_selector","ecosystem":"Packagist:https://packages.drupal.org/8","purl":"pkg:composer/drupal/location_selector"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"1.3.0"}],"database_specific":{"constraint":"\u003c1.3.0"}}],"database_specific":{"source":"https://github.com/DrupalSecurityTeam/drupal-advisory-database/blob/main/advisories/location_selector/DRUPAL-CONTRIB-2026-072.json","affected_versions":"\u003c1.3.0"}}],"schema_version":"1.7.5","credits":[{"name":"Drew Webber (mcdruid)","contact":["https://www.drupal.org/u/mcdruid"]}]}