CVE-2023-54163

NLB mKlik Macedonia 3.3.12 contains a SQL injection vulnerability in international transfer parameters that allows attackers to manipulate database queries. Attackers can inject arbitrary SQL code through unsanitized input to potentially disclose sensitive information from the mobile banking application.
SQL Injection
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTNIST
8.2 HIGH
NETWORK
LOW
NONE
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:N
VulnCheckCNA
8.2 HIGH
NETWORK
LOW
NONE
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:N
Base Score
CVSS 3.x
EPSS Score
Percentile: Unknown
Common Weakness Enumeration
References
https://cxsecurity.com/issue/WLB-2023100040
https://packetstormsecurity.com/files/175113/NLB-mKlik-Makedonija-3.3.12-SQL-Injection.html
https://play.google.com/store/apps/details?id=hr.asseco.android.jimba.tutunskamk.production
https://www.vulncheck.com/advisories/nlb-mklik-macedonia-sql-injection-via-international-transfer-parameters
https://www.zeroscience.mk/en/vulnerabilities/ZSL-2023-5797.php