Zero Day MonitorZDM
DashboardVulnerabilitiesTrendingZero-DaysNewsAbout
Login
ImpressumPrivacy Policy
Zero Day Monitor © 2026
2576 articles · 173127 vulns · 37/41 feeds (7d)
← Back to list
EST
PRE-CVEPATCHED
drupal · location selector

Critical SQL Injection Vulnerability in Drupal Location Selector

72% confidence

Description

A critical SQL Injection vulnerability exists in the Drupal Location Selector module affecting versions prior to 1.3.0. This vulnerability allows attackers to execute arbitrary SQL commands via crafted input.

Affected Products

VendorProductVersions
drupallocation selector< 1.3.0

Related News (1 articles)

Tier B
CCCS Canada1h ago
Drupal security advisory (AV26-676)
→ No new info (linked only)
CISA KEV❌ No
Actively exploited❌ No
Patch available
1.3.0
CWECWE-89
PublishedJul 8, 2026
Last enriched1h ago
Tags
sql injectioncriticaldrupallocation selector
Trending Score30
Source articles1
Independent1
Info Completeness8/14
Missing: cve_id, cvss, epss, kev, exploit, iocs

Community Vote

0
Login to vote
0 upvotes0 downvotes
No votes yet

Related CVEs (5)

CRITICALPRE-CVE
Critical SQL Injection and Access Bypass Vulnerabilities in Drupal Geolocation Field and WissKI Modules
Trending: 6
CRITICALPRE-CVE
Multiple vulnerabilities in Drupal core and contributed modules
Trending: 3
CRITICALCVE-2026-9082EXPKEV
Drupal core - Highly critical - SQL injection - SA-CORE-2026-004
Trending: 1
LOWCVE-2026-8491
Node View Permissions - Moderately critical - Access bypass - SA-CONTRIB-2026-034
CRITICALPRE-CVE
Critical Arbitrary PHP Code Execution in Drupal AlternativeCommerce (Basket)

Pin to Dashboard

Verification

State: reported
Confidence: 72%

Vulnerability Timeline

CVE Published
Jul 8, 2026
Patch Available
Jul 8, 2026
Discovered by ZDM
Jul 8, 2026