CVE-2023-54163
Severity CVSS v4.0:
HIGH
Type:
CWE-89
SQL Injection
Publication date:
30/12/2025
Last modified:
16/01/2026
Description
NLB mKlik Macedonia 3.3.12 contains a SQL injection vulnerability in international transfer parameters that allows attackers to manipulate database queries. Attackers can inject arbitrary SQL code through unsanitized input to potentially disclose sensitive information from the mobile banking application.
Impact
Base Score 4.0
8.80
Severity 4.0
HIGH
Base Score 3.x
7.50
Severity 3.x
HIGH
Vulnerable products and versions
| CPE | From | Up to |
|---|---|---|
| cpe:2.3:a:nlb:mklik_makedonija:3.3.12:*:*:*:*:android:*:* |
To consult the complete list of CPE names with products and versions, see this page
References to Advisories, Solutions, and Tools
- https://cxsecurity.com/issue/WLB-2023100040
- https://packetstormsecurity.com/files/175113/NLB-mKlik-Makedonija-3.3.12-SQL-Injection.html
- https://play.google.com/store/apps/details?id=hr.asseco.android.jimba.tutunskamk.production
- https://www.vulncheck.com/advisories/nlb-mklik-macedonia-sql-injection-via-international-transfer-parameters
- https://www.zeroscience.mk/en/vulnerabilities/ZSL-2023-5797.php
- https://cxsecurity.com/issue/WLB-2023100040
- https://www.zeroscience.mk/en/vulnerabilities/ZSL-2023-5797.php