DRUPAL-CONTRIB-2026-062

See a problem?
Import Source
https://github.com/DrupalSecurityTeam/drupal-advisory-database/blob/main/advisories/geolocation/DRUPAL-CONTRIB-2026-062.json
JSON Data
https://api.osv.dev/v1/vulns/DRUPAL-CONTRIB-2026-062
Aliases
  • CVE-2026-13242
Published
2026-06-24T18:46:12Z
Modified
2026-06-24T19:15:05.838444008Z
Summary
[none]
Details

Geolocation modules adds a field to store coordinates and provides supporting plumbing for views and other modules.

One of the provided views filters does not sufficiently sanitize values if exposed to user input resulting in a SQL injection vulnerability.

This vulnerability is mitigated by the fact that a view must exist, that uses the aforementioned filter and it is set to accept user input.

References
Credits

Affected packages

Packagist:https://packages.drupal.org/8 / drupal/geolocation

Package

Name
drupal/geolocation
Purl
pkg:composer/drupal%2Fgeolocation

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
3.15.0
Database specific 
{
    "constraint": "<3.15.0"
}

Database specific

affected_versions 
"<3.15.0"
source 
"https://github.com/DrupalSecurityTeam/drupal-advisory-database/blob/main/advisories/geolocation/DRUPAL-CONTRIB-2026-062.json"