Geolocation modules adds a field to store coordinates and provides supporting plumbing for views and other modules.
One of the provided views filters does not sufficiently sanitize values if exposed to user input resulting in a SQL injection vulnerability.
This vulnerability is mitigated by the fact that a view must exist, that uses the aforementioned filter and it is set to accept user input.
Install the latest version:
- If you use the Geolocation Field module for Drupal, upgrade to Geolocation Field 8.x-3.15
- cilefen (cilefen) of the Drupal Security Team
- Neil Drumm (drumm) of the Drupal Security Team
- Greg Knaddison (greggles) of the Drupal Security Team
- Drew Webber (mcdruid) of the Drupal Security Team
- Juraj Nemec (poker10) of the Drupal Security Team