Product
critical
advisory
OpenC3 COSMOS SQL Injection Vulnerability in QuestDB Time-Series Database
2 rules 3 TTPs
A SQL injection vulnerability exists in the Time-Series Database (TSDB) component of COSMOS, allowing an authenticated remote user to execute arbitrary SQL commands, including telemetry data disclosure and deletion.
OpenC3
sql-injection
cosmos
questdb
telemetry
critical
advisory
OpenC3 COSMOS Script Runner Permissions Bypass
2 rules 1 TTP
The OpenC3 COSMOS Script Runner widget allows authenticated users to bypass API permissions checks and execute administrative actions by running specially crafted Python and Ruby scripts, leading to data manipulation and privilege escalation.
openc3
cosmos
script-runner
permissions-bypass
privilege-escalation