Date: 
2026-July-08
Vulnerability: 
SQL Injection
Affected versions: 
<1.3.0
CVE IDs: 
CVE-2026-15081
Description: 

The Location Selector module provides a Views filter for selecting location values.

One of the provided Views filters does not sufficiently sanitize values that may come from user input, resulting in a SQL injection vulnerability.

This vulnerability is mitigated by the fact that a View must exist that uses the affected filter and is configured to accept user input.

Solution: 

Install the latest version:

Reported By: 
Fixed By: 
Coordinated By: