Vulnerability Details CVE-2018-13850
The "Firebase Cloud Messaging (FCM) + Advance Admin Panel" component supporting Firebase Push Notification on iOS (through 2017-10-26) allows SQL injection via the /advance_push/public/login username parameter.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.003
EPSS Ranking 49.7%
CVSS Severity
CVSS v3 Score 9.8
CVSS v2 Score 7.5
Products affected by CVE-2018-13850
-
cpe:2.3:a:icanstudioz:firebase_push_notification_on_ios_/_fcm_+_advance_admin_panel:2017-10-26