CVE-2023-54163

7.5 HIGH

📋 TL;DR

CVE-2023-54163 is a SQL injection vulnerability in NLB mKlik Macedonia mobile banking app version 3.3.12. Attackers can inject malicious SQL code through international transfer parameters to potentially access sensitive banking data. This affects users of the vulnerable mobile banking application in Macedonia.

💻 Affected Systems

Products:
  • NLB mKlik Macedonia
Versions: 3.3.12
Operating Systems: Android
Default Config Vulnerable: ⚠️ Yes
Notes: Specifically affects the international transfer functionality within the mobile banking application.

⚠️ Risk & Real-World Impact

🔴 Worst Case: Complete database compromise including customer financial data, transaction history, and authentication credentials, leading to financial fraud and data breach.

🟠 Likely Case: Unauthorized access to sensitive customer information and potential manipulation of transaction data.

🟢 If Mitigated: Limited impact with proper input validation and database permissions restricting unauthorized access.

🌐 Internet-Facing: HIGH - Mobile banking applications are internet-facing and accessible to attackers.
🏢 Internal Only: LOW - This is a client-side mobile application vulnerability, not an internal system issue.

🎯 Exploit Status

Public PoC: ⚠️ Yes
Weaponized: LIKELY
Unauthenticated Exploit: ✅ No
Complexity: LOW

Exploitation requires user interaction with the app and knowledge of SQL injection techniques. Public proof-of-concept details available in security advisories.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: Unknown - check Google Play Store for latest version

Vendor Advisory: Not publicly available

Restart Required: Yes

Instructions:

1. Open Google Play Store
2. Search for NLB mKlik Macedonia
3. Check for available updates
4. Install latest version
5. Restart the application

🔧 Temporary Workarounds

Disable International Transfers (platform: Android): Temporarily disable international transfer functionality in the app settings.

Application Whitelisting (platform: all): Restrict app usage to trusted networks only.

🧯 If You Can't Patch

  • Disable the mobile banking application until patch is available
  • Implement network-level monitoring for unusual SQL-like patterns in application traffic

🔍 How to Verify

Check if Vulnerable:

Check app version in Google Play Store or app settings - if version is 3.3.12, it is vulnerable

Check Version:

Check app version in Android Settings > Apps > NLB mKlik Macedonia

Verify Fix Applied:

Update to latest version from Google Play Store and verify version number has changed from 3.3.12

📡 Detection & Monitoring

Log Indicators:

  • Unusual SQL error messages in application logs
  • Multiple failed international transfer attempts with malformed parameters

Network Indicators:

  • SQL keywords in HTTP POST parameters to transfer endpoints
  • Unusual database query patterns from mobile app

SIEM Query:

source="app_logs" AND (message="*SQL*" OR message="*syntax*" OR message="*injection*") AND app="nlb_mklik"
