CVE-2018-13850

Name of the Vulnerable Software and Affected Versions Firebase Cloud Messaging (FCM) + Advance Admin Panel versions prior to 2017-10-26

Description The issue allows SQL injection via the "/advance push/public/login" API endpoint, specifically through the username parameter. This could potentially lead to unauthorized access to sensitive data.

Recommendations For versions prior to 2017-10-26, as a temporary workaround, consider restricting access to the "/advance push/public/login" API endpoint to minimize the risk of exploitation. Avoid using the username parameter in this endpoint until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this vulnerability.