PatchSiren

CVE-2023-2750 Cityboss CVE debrief

CVE-2023-2750 is a critical SQL injection flaw in Cityboss E-Municipality affecting versions before 6.05. NVD rates it 9.8/CRITICAL, and the vulnerability is recorded with a CWE-89 weakness classification. Because the issue is network-exploitable with no user interaction and no privileges required, exposed deployments should be treated as high risk until patched. The CVE was published on 2023-05-24 and later modified on 2024-11-21.

Vendor: Cityboss
Product: E-municipality
CVSS: CRITICAL 9.8
CISA KEV: Not listed in stored evidence
Original CVE published: 2023-05-24
Original CVE updated: 2024-11-21
Advisory published: 2023-05-24
Advisory updated: 2024-11-21

Who should care

Administrators and security teams responsible for Cityboss E-Municipality deployments, especially any internet-facing or externally reachable instances running a version earlier than 6.05.

Technical summary

The NVD record describes an improper neutralization of special elements used in an SQL command, i.e. SQL injection. The affected CPE is Cityboss E-Municipality versions before 6.05. The CVSS vector shown by NVD is CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H, indicating a remotely reachable issue with no privileges or user interaction required and potential impact to confidentiality, integrity, and availability. NVD also links a third-party advisory from USOM (TR-23-0286).

Defensive priority

Urgent. This is a critical remote SQL injection issue with broad potential impact. Prioritize immediate patching, or isolate the affected instance if an upgrade cannot be performed quickly.

Recommended defensive actions

  • Upgrade Cityboss E-Municipality to version 6.05 or later, which is the first version not listed as affected.
  • If immediate patching is not possible, restrict network exposure to the application and limit access to trusted administrative networks only.
  • Review application and database logs for abnormal query patterns or unexpected database activity around the affected service.
  • Verify whether any internet-facing instances are running a version earlier than 6.05 and inventory them for expedited remediation.
  • Use the USOM advisory and the NVD record to confirm the latest vendor and third-party guidance before scheduling maintenance.

Evidence notes

All claims here are limited to the supplied NVD record and the linked USOM advisory. The record identifies Cityboss E-Municipality as the affected product, notes versions before 6.05 as vulnerable, classifies the weakness as CWE-89, and assigns a 9.8 CVSS score with vector CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H. The CVE publishedAt date is 2023-05-24T12:15:09.337Z and modifiedAt is 2024-11-21T07:59:13.250Z.

Official resources

Published by NVD on 2023-05-24; record later modified on 2024-11-21.