The Location Selector module provides a Views filter for selecting location values.
One of the provided Views filters does not sufficiently sanitize values that may come from user input, resulting in a SQL injection vulnerability.
This vulnerability is mitigated by the fact that a View must exist that uses the affected filter and is configured to accept user input.
Install the latest version:
- If you use the Location Selector module for Drupal, upgrade to Location Selector 8.x-1.3
- Drew Webber (mcdruid) of the Drupal Security Team
- Greg Knaddison (greggles) of the Drupal Security Team
- Drew Webber (mcdruid) of the Drupal Security Team
- Juraj Nemec (poker10) of the Drupal Security Team