CVE-2024-53995

LOW NUCLEI

SickChill <= 2024.3.1 - Authenticated Open Redirect via Login Next Parameter

Title source: llm

Exploitation Summary

CVE-2024-53995 has a Nuclei detection template available — see the Nuclei card below for the Shodan/FOFA recon queries.

Description

SickChill is an automatic video library manager for TV shows. A user-controlled `login` endpoint's `next_` parameter takes arbitrary content. Prior to commit c7128a8946c3701df95c285810eb75b2de18bf82, an authenticated attacker may use this to redirect the user to arbitrary destinations, leading to open redirect. Commit c7128a8946c3701df95c285810eb75b2de18bf82 changes the login page to redirect to `settings.DEFAULT_PAGE` instead of to the `next` parameter.
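The following is an added illustration, not SickChill's own code: the pre-fix and post-fix redirect logic the description contrasts, reduced to pure functions, plus a third variant (a same-site path allowlist) that goes beyond the page's fix and is a common alternative mitigation for CWE-601. `DEFAULT_PAGE` and all function names are assumed stand-ins.

```python
from urllib.parse import urlsplit

# Constructed stand-in for settings.DEFAULT_PAGE; not SickChill's real config value.
DEFAULT_PAGE = "/home/"


def vulnerable_redirect_target(next_param: str) -> str:
    """Pre-fix behaviour (CWE-601): after a successful login the 'next_' value
    from the request is used as the redirect destination without any check,
    so an absolute URL to another site is followed verbatim."""
    return next_param or DEFAULT_PAGE


def fixed_redirect_target(next_param: str) -> str:
    """Post-fix behaviour as described for the referenced commit: the login
    page ignores 'next_' entirely and always lands on the default page."""
    return DEFAULT_PAGE


def is_local_path(candidate: str) -> bool:
    """Accept only same-site relative paths: must start with a single '/',
    carry no scheme or host, and contain no backslash (some browsers
    normalise '/\\evil.example' into a protocol-relative URL)."""
    if not candidate or not candidate.startswith("/") or candidate.startswith("//"):
        return False
    if "\\" in candidate:
        return False
    parts = urlsplit(candidate)
    return not parts.scheme and not parts.netloc


def allowlisted_redirect_target(next_param: str) -> str:
    """Alternative mitigation (hypothetical, not the project's fix): honour
    'next_' only when it is a local path, otherwise fall back to the default."""
    return next_param if is_local_path(next_param) else DEFAULT_PAGE
```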

Nuclei Templates (1)

SickChill - Open Redirect
LOW, VERIFIED, by omarkurt
Shodan: html:"SickChill"

Scores

CVSS v4 1.9
EPSS 0.0094
EPSS Percentile 56.0%
CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:A/VC:N/VI:L/VA:N/SC:L/SI:L/SA:L/E:P

CISA SSVC

Vulnrichment
Exploitation none
Automatable no
Technical Impact partial

Details

CWE
CWE-601
Status published
Products (2)
pypi/sickchill (PyPI)
SickChill/sickchill <= 2024.3.1
Published Jan 08, 2025
Tracked Since Feb 18, 2026