NLB mKlik Makedonija 3.3.12 SQL Injection

CVE:
Category: CWE-89
Price: $500
Severity: Critical
Author: Unknown
Risk: High
Exploitation Type: Remote
Date: 2023-10-16

Our sensors found this exploit at:

Below is a copy:

NLB mKlik Makedonija 3.3.12 SQL Injection

Vendor: NLB Banka AD Skopje
Product web page:
Google Play:
Affected version: 3.3.12

Summary: NLB mKlik       ,
        . NLB mKlik 
     Android  5.0  .

Desc: The mobile application or the affected API suffers from an SQL
injection vulnerability. Input passed to the parameters associated
with international transfers is not properly sanitised before being
returned to the user or used in SQL queries. This can be exploited to
manipulate SQL queries by injecting arbitrary SQL code and to disclose
sensitive information.

Tested on: Android 13

Vulnerability discovered by Neurogenesia

Advisory ID: ZSL-2023-5797
Advisory URL:



Incident ID: ZSL-122022-NLBTHR
DB data disclosure PoC (international transfer details/description trigger):

[select alfa1+'  ' opis from pts (nolock) where unikum =dbo.dodajnuli(:unikum ,14) and kod = 15111]
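An added example, not part of the advisory or the vendor's code: the lookup from the statement above, written so that the input is validated, the value is bound rather than concatenated, and a database error reaches the client only as a generic message with a correlation reference. It uses Python with an in-memory SQLite table as a constructed stand-in for `pts`; the names `make_db`, `pad_unikum` and `transfer_description`, and the behaviour assumed for `dbo.dodajnuli` (left-pad with zeros to 14 characters), are assumptions.

```python
import logging
import re
import sqlite3
import uuid

log = logging.getLogger("transfer")
UNIKUM_RE = re.compile(r"[0-9]{1,14}")  # ASCII digits only, at most 14


def make_db():
    # Constructed stand-in for the pts table named in the disclosed statement.
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE pts (unikum TEXT, kod INTEGER, alfa1 TEXT)")
    db.execute("INSERT INTO pts VALUES ('00000000012345', 15111, 'SAMPLE DESCRIPTION')")
    return db


def pad_unikum(value):
    # Assumption: dbo.dodajnuli(x, 14) left-pads x with zeros to 14 characters.
    if not isinstance(value, str) or not UNIKUM_RE.fullmatch(value):
        raise ValueError("unikum must be 1-14 digits")
    return value.zfill(14)


def transfer_description(db, unikum):
    """Return (status, body); body never carries SQL text or driver errors."""
    try:
        key = pad_unikum(unikum)
    except ValueError:
        return 400, {"error": "invalid request"}
    try:
        # The statement text is a constant; the value travels as a bound parameter.
        row = db.execute(
            "SELECT alfa1 || '  ' AS opis FROM pts "
            "WHERE unikum = :unikum AND kod = 15111",
            {"unikum": key},
        ).fetchone()
    except sqlite3.Error:
        ref = uuid.uuid4().hex
        # Full exception detail stays in the server log, keyed by ref.
        log.exception("transfer lookup failed ref=%s", ref)
        return 500, {"error": "internal error", "ref": ref}
    if row is None:
        return 404, {"error": "not found"}
    return 200, {"opis": row[0]}
```
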

