CVE-2023-54163
HIGHNLB mKlik Makedonija 3.3.12 - SQL Injection via International Transfer Parameters
Title source: llmDescription
NLB mKlik Macedonia 3.3.12 contains a SQL injection vulnerability in international transfer parameters that allows attackers to manipulate database queries. Attackers can inject arbitrary SQL code through unsanitized input to potentially disclose sensitive information from the mobile banking application.
References (5)
Core 5
Core References
Third Party Advisory third-party-advisory
https://www.zeroscience.mk/en/vulnerabilities/ZSL-2023-5797.php
Product product
https://play.google.com/store/apps/details?id=hr.asseco.android.jimba.tutunskamk.production
Third Party Advisory exploit
https://packetstormsecurity.com/files/175113/NLB-mKlik-Makedonija-3.3.12-SQL-Injection.html
Issue Tracking, Third Party Advisory third-party-advisory
https://cxsecurity.com/issue/WLB-2023100040
Third Party Advisory third-party-advisory
https://www.vulncheck.com/advisories/nlb-mklik-macedonia-sql-injection-via-international-transfer-parameters
Scores
CVSS v3
7.5
EPSS
0.0029
EPSS Percentile
21.2%
Attack Vector
NETWORK
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
CISA SSVC
Vulnrichment
Exploitation
poc
Automatable
yes
Technical Impact
partial
Details
CWE
CWE-89
Status
published
Products (1)
nlb/mklik_makedonija
3.3.12
Published
Dec 30, 2025
Tracked Since
Feb 18, 2026