Location Selector
Monthly
SQL injection in the Drupal Location Selector contributed module (all releases from 0.0.0 up to and including 1.3.0) lets remote attackers inject arbitrary SQL through improperly neutralized input, exposing and modifying database contents. The CVSS 3.1 base score is 7.4 with a network vector but high attack complexity, and the affected products confirm the Drupal 'location_selector' contrib module rather than Drupal core. There is no public exploit identified at time of analysis, and the EPSS score is low at 0.19% (9th percentile), indicating little near-term mass-exploitation pressure.
SQL injection in the Drupal Location Selector contributed module (all releases from 0.0.0 up to and including 1.3.0) lets remote attackers inject arbitrary SQL through improperly neutralized input, exposing and modifying database contents. The CVSS 3.1 base score is 7.4 with a network vector but high attack complexity, and the affected products confirm the Drupal 'location_selector' contrib module rather than Drupal core. There is no public exploit identified at time of analysis, and the EPSS score is low at 0.19% (9th percentile), indicating little near-term mass-exploitation pressure.