← Back to CVEs
CVE-2023-54163
HIGH7.5
Description
NLB mKlik Macedonia 3.3.12 contains a SQL injection vulnerability in international transfer parameters that allows attackers to manipulate database queries. Attackers can inject arbitrary SQL code through unsanitized input to potentially disclose sensitive information from the mobile banking application.
CVE Details
CVSS v3.1 Score7.5
SeverityHIGH
CVSS VectorCVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
Attack VectorNETWORK
ComplexityLOW
Privileges RequiredNONE
User InteractionNONE
Published12/30/2025
Last Modified1/16/2026
Sourcenvd
Honeypot Sightings0
Affected Products
nlb:mklik_makedonija
Weaknesses (CWE)
CWE-89
References
https://cxsecurity.com/issue/WLB-2023100040(disclosure@vulncheck.com)
https://packetstormsecurity.com/files/175113/NLB-mKlik-Makedonija-3.3.12-SQL-Injection.html(disclosure@vulncheck.com)
https://play.google.com/store/apps/details?id=hr.asseco.android.jimba.tutunskamk.production(disclosure@vulncheck.com)
https://www.vulncheck.com/advisories/nlb-mklik-macedonia-sql-injection-via-international-transfer-parameters(disclosure@vulncheck.com)
https://www.zeroscience.mk/en/vulnerabilities/ZSL-2023-5797.php(disclosure@vulncheck.com)
https://cxsecurity.com/issue/WLB-2023100040(134c704f-9b21-4f2e-91b3-4a467353bcc0)
https://www.zeroscience.mk/en/vulnerabilities/ZSL-2023-5797.php(134c704f-9b21-4f2e-91b3-4a467353bcc0)
IOC Correlations
No correlations recorded
This product uses data from the NVD API but is not endorsed or certified by the NVD.