Zero Day MonitorZDM
DashboardVulnerabilitiesTrendingZero-DaysNewsAbout
Login
ImpressumPrivacy Policy
Zero Day Monitor © 2026
2611 articles · 173172 vulns · 37/41 feeds (7d)
← Back to list
EST
PRE-CVEPATCHED
drupal · location selector

Critical SQL Injection Vulnerability in Drupal Location Selector

72% confidence

Description

A critical SQL Injection vulnerability exists in the Drupal Location Selector module affecting versions prior to 1.3.0. This vulnerability allows attackers to execute arbitrary SQL commands via crafted input.

Affected Products

VendorProductVersions
drupallocation selector< 1.3.0

Related News (1 articles)

Tier B
CCCS Canada3h ago
Drupal security advisory (AV26-676)
→ No new info (linked only)
CISA KEV❌ No
Actively exploited❌ No
Patch available
1.3.0
CWECWE-89
PublishedJul 8, 2026
Last enriched3h ago
Tags
sql injectioncriticaldrupallocation selector
Trending Score30
Source articles1
Independent1
Info Completeness8/14
Missing: cve_id, cvss, epss, kev, exploit, iocs

Community Vote

0
Login to vote
0 upvotes0 downvotes
No votes yet

Related CVEs (5)

CRITICALPRE-CVE
Critical SQL Injection and Access Bypass Vulnerabilities in Drupal Geolocation Field and WissKI Modules
Trending: 6
CRITICALPRE-CVE
Multiple vulnerabilities in Drupal core and contributed modules
Trending: 3
CRITICALCVE-2026-9082EXPKEV
Drupal core - Highly critical - SQL injection - SA-CORE-2026-004
Trending: 1
LOWCVE-2026-8491
Node View Permissions - Moderately critical - Access bypass - SA-CONTRIB-2026-034
CRITICALPRE-CVE
Critical Arbitrary PHP Code Execution in Drupal AlternativeCommerce (Basket)

Pin to Dashboard

Verification

State: reported
Confidence: 72%

Vulnerability Timeline

CVE Published
Jul 8, 2026
Patch Available
Jul 8, 2026
Discovered by ZDM
Jul 8, 2026