CVE-2023-54163: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') in NLB Banka AD Skopje NLB mKlik Makedonija
NLB mKlik Macedonia 3.3.12 contains a SQL injection vulnerability in international transfer parameters that allows attackers to manipulate database queries. Attackers can inject arbitrary SQL code through unsanitized input to potentially disclose sensitive information from the mobile banking application.
AI Analysis
Technical Summary
CVE-2023-54163 is a SQL injection vulnerability identified in the NLB mKlik Makedonija mobile banking application version 3.3.12, developed by NLB Banka AD Skopje. The vulnerability stems from improper neutralization of special elements in the parameters used for international transfers, which allows attackers to inject arbitrary SQL commands into the backend database queries. This occurs because the application fails to adequately sanitize or parameterize user-supplied input before incorporating it into SQL statements. Exploiting this flaw does not require any authentication or user interaction, making it remotely exploitable by any attacker with network access to the application. The impact of successful exploitation includes unauthorized disclosure of sensitive banking information, potentially including customer data, transaction details, and other confidential records stored in the database. The CVSS 4.0 vector indicates network attack vector (AV:N), low attack complexity (AC:L), no privileges required (PR:N), no user interaction (UI:N), high impact on confidentiality (VC:H), low impact on integrity (VI:L), and no impact on availability (VA:N). Although no public exploits have been reported yet, the high CVSS score (8.8) reflects the critical nature of this vulnerability. The vulnerability is particularly concerning for financial institutions and their customers, as it could lead to data breaches, fraud, and erosion of trust in the banking platform. The lack of available patches at the time of publication increases the urgency for implementing interim mitigations and monitoring.
Potential Impact
For European organizations, especially financial institutions and customers connected to NLB Banka AD Skopje or using the NLB mKlik Makedonija application, this vulnerability poses a significant risk of data breach and financial fraud. The unauthorized disclosure of sensitive banking data could lead to identity theft, financial loss, and regulatory penalties under GDPR due to compromised personal data. The integrity of transaction data could be undermined, potentially facilitating fraudulent transfers or manipulation of account information. The reputational damage to the bank and associated financial entities could be severe, impacting customer trust and market position. Given the cross-border nature of banking and financial services in Europe, the vulnerability could also affect partner institutions and customers in other EU countries. The lack of authentication requirement and ease of exploitation increase the likelihood of attacks, which could disrupt banking operations and lead to costly incident response and remediation efforts.
Mitigation Recommendations
1. Immediate implementation of input validation and sanitization on all international transfer parameters to prevent injection of malicious SQL code.
2. Refactor the application code to use parameterized queries or prepared statements exclusively, eliminating direct concatenation of user input into SQL commands.
3. Deploy Web Application Firewalls (WAFs) with rules specifically designed to detect and block SQL injection attempts targeting the affected endpoints.
4. Conduct thorough code reviews and security testing (including automated and manual penetration testing) focused on input handling in the mobile banking application.
5. Monitor database logs and application logs for unusual query patterns or access anomalies that may indicate exploitation attempts.
6. Engage with NLB Banka AD Skopje to obtain patches or updates addressing this vulnerability as soon as they become available.
7. Educate development and security teams on secure coding practices to prevent similar vulnerabilities in future releases.
8. For organizations integrating or relying on NLB mKlik services, consider additional network segmentation and access controls to limit exposure until the vulnerability is remediated.
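The following is an added illustration of mitigations 1 and 2 and is not code from NLB Banka or the mKlik application; the advisory does not publish the affected code, so the `transfers` table, the account and IBAN values, and the lookup functions are all constructed here. It contrasts a lookup that concatenates the beneficiary parameter into the statement (the pattern the CWE describes) with a parameterized version, and adds an allow-list shape check on the IBAN in front of it:

```python
import re
import sqlite3

# Constructed sample rows standing in for a bank's transfer table (not NLB's schema).
SAMPLE_TRANSFERS = [
    ("ACC-1001", "DE89370400440532013000", 250.00, "EUR"),
    ("ACC-1001", "MK07250120000058984", 40.00, "MKD"),
    ("ACC-2002", "HR1210010051863000160", 99.50, "EUR"),
]


def make_db():
    """Build an in-memory SQLite database holding the constructed sample rows."""
    conn = sqlite3.connect(":memory:")
    conn.execute(
        "CREATE TABLE transfers (account TEXT, beneficiary_iban TEXT, amount REAL, currency TEXT)"
    )
    conn.executemany("INSERT INTO transfers VALUES (?, ?, ?, ?)", SAMPLE_TRANSFERS)
    conn.commit()
    return conn


def lookup_vulnerable(conn, account, beneficiary_iban):
    """'Before' form: user-supplied values are spliced straight into the SQL text.

    A beneficiary value containing a quote changes the statement's structure, so the
    WHERE clause no longer restricts the result to the caller's own account.
    """
    sql = (
        "SELECT account, beneficiary_iban, amount, currency FROM transfers "
        f"WHERE account = '{account}' AND beneficiary_iban = '{beneficiary_iban}'"
    )
    return conn.execute(sql).fetchall()


def lookup_parameterized(conn, account, beneficiary_iban):
    """Mitigation 2: bound parameters are passed as data, never parsed as SQL."""
    sql = (
        "SELECT account, beneficiary_iban, amount, currency FROM transfers "
        "WHERE account = ? AND beneficiary_iban = ?"
    )
    return conn.execute(sql, (account, beneficiary_iban)).fetchall()


# Shape-only allow-list for an IBAN: country code, two check digits, 11-30 alphanumerics.
# The mod-97 checksum is deliberately out of scope for this illustration.
IBAN_SHAPE = re.compile(r"^[A-Z]{2}[0-9]{2}[A-Z0-9]{11,30}$")


def validate_iban_shape(value):
    """Mitigation 1: reject anything that is not plausibly an IBAN before it reaches the DB."""
    if not IBAN_SHAPE.fullmatch(value):
        raise ValueError("beneficiary IBAN has unexpected shape")
    return value


def lookup_hardened(conn, account, beneficiary_iban):
    """Validation in front of a parameterized query: both layers, as the list recommends."""
    return lookup_parameterized(conn, account, validate_iban_shape(beneficiary_iban))


def demo():
    """Return (rows leaked by the concatenated query, whether the hardened path rejected
    the same input, rows returned for a legitimate lookup)."""
    conn = make_db()
    crafted = "x' OR '1'='1"  # textbook tautology used only to show the structural change
    leaked = lookup_vulnerable(conn, "ACC-1001", crafted)
    try:
        lookup_hardened(conn, "ACC-1001", crafted)
        rejected = False
    except ValueError:
        rejected = True
    legit = lookup_hardened(conn, "ACC-1001", "DE89370400440532013000")
    return len(leaked), rejected, len(legit)


if __name__ == "__main__":
    print(demo())
```

Note that `lookup_parameterized` alone already neutralizes the crafted value (it simply matches no row); the shape check in `lookup_hardened` is the second layer, and also gives the application a clean, loggable rejection event for mitigation 5 rather than a silent empty result.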
Affected Countries
North Macedonia, Slovenia, Croatia, Serbia, Bosnia and Herzegovina, Austria, Germany
Technical Details
- Data Version: 5.2
- Assigner Short Name: VulnCheck
- Date Reserved: 2025-12-26T17:10:36.966Z
- Cvss Version: 4.0
- State: PUBLISHED
Threat ID: 6954592edb813ff03e38556a
Added to database: 12/30/2025, 10:58:54 PM
Last enriched: 12/30/2025, 11:16:28 PM
Last updated: 1/8/2026, 7:22:44 AM