Skip to main content

Location Selector

1 CVEs product

Monthly

CVE-2026-15081 PHP HIGH PATCH This Week

SQL injection in the Drupal Location Selector contributed module (all releases from 0.0.0 up to and including 1.3.0) lets remote attackers inject arbitrary SQL through improperly neutralized input, exposing and modifying database contents. The CVSS 3.1 base score is 7.4 with a network vector but high attack complexity, and the affected products confirm the Drupal 'location_selector' contrib module rather than Drupal core. There is no public exploit identified at time of analysis, and the EPSS score is low at 0.19% (9th percentile), indicating little near-term mass-exploitation pressure.

SQLi Location Selector
NVD
CVSS 3.1
7.4
EPSS
0.2%
EPSS 0% CVSS 7.4
HIGH PATCH This Week

SQL injection in the Drupal Location Selector contributed module (all releases from 0.0.0 up to and including 1.3.0) lets remote attackers inject arbitrary SQL through improperly neutralized input, exposing and modifying database contents. The CVSS 3.1 base score is 7.4 with a network vector but high attack complexity, and the affected products confirm the Drupal 'location_selector' contrib module rather than Drupal core. There is no public exploit identified at time of analysis, and the EPSS score is low at 0.19% (9th percentile), indicating little near-term mass-exploitation pressure.

SQLi Location Selector
NVD

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy