๐Ÿ” CVE Alert

CVE-2026-15081

HIGH 7.4

Location Selector - Critical - SQL Injection - SA-CONTRIB-2026-072

CVSS Score
7.4
EPSS Score
0.2%
EPSS Percentile
9th

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Drupal Location Selector allows SQL Injection. This issue affects Location Selector versions: from 0.0.0 to 1.3.0.

CWE CWE-89
Vendor drupal
Product location selector
Ecosystems
Industries
WebMedia
Published Jul 10, 2026
Last Updated Jul 13, 2026
Stay Ahead of the Next One

Get instant alerts for drupal location selector

Be the first to know when new high vulnerabilities affecting drupal location selector are published โ€” delivered to Slack, Telegram or Discord.

Get Free Alerts โ†’ Free ยท No credit card ยท 60 sec setup

Affected Versions

Drupal / Location Selector
0.0.0 < 1.3.0

References

NVD โ†— CVE.org โ†— EPSS Data โ†—
drupal.org: https://www.drupal.org/sa-contrib-2026-072

Credits

Drew Webber (mcdruid) handkerchief Greg Knaddison (greggles) Drew Webber (mcdruid) Juraj Nemec (poker10)