Skip to main content

Geolocation Field

1 CVEs product

Monthly

CVE-2026-13242 PHP MEDIUM PATCH This Month

SQL injection in the Drupal Geolocation Field contributed module exposes sites to unauthenticated database read and partial write access across all module versions prior to 3.15.0. The CVSS vector (AV:N/AC:L/PR:N/UI:N) confirms the attack requires no authentication and no user interaction, making it remotely triggerable against any publicly reachable Drupal installation running the affected module. Impact is bounded by C:L/I:L/A:N - partial data disclosure and modification without availability disruption or full database takeover. No active exploitation has been confirmed (no CISA KEV listing), and EPSS sits at a low 0.16% (5th percentile), indicating minimal current attacker interest. A vendor patch is available.

SQLi Geolocation Field
NVD
CVSS 3.1
6.5
EPSS
0.2%
EPSS 0% CVSS 6.5
MEDIUM PATCH This Month

SQL injection in the Drupal Geolocation Field contributed module exposes sites to unauthenticated database read and partial write access across all module versions prior to 3.15.0. The CVSS vector (AV:N/AC:L/PR:N/UI:N) confirms the attack requires no authentication and no user interaction, making it remotely triggerable against any publicly reachable Drupal installation running the affected module. Impact is bounded by C:L/I:L/A:N - partial data disclosure and modification without availability disruption or full database takeover. No active exploitation has been confirmed (no CISA KEV listing), and EPSS sits at a low 0.16% (5th percentile), indicating minimal current attacker interest. A vendor patch is available.

SQLi Geolocation Field
NVD

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy