CVE-2024-53995

LOW NUCLEI

SickChill - Open Redirect

Title source: llm

Description

SickChill is an automatic video library manager for TV shows. A user-controlled `login` endpoint's `next_` parameter takes arbitrary content. Prior to commit c7128a8946c3701df95c285810eb75b2de18bf82, an authenticated attacker may use this to redirect the user to arbitrary destinations, leading to open redirect. Commit c7128a8946c3701df95c285810eb75b2de18bf82 changes the login page to redirect to `settings.DEFAULT_PAGE` instead of to the `next` parameter.

Nuclei Templates (1)

SickChill - Open Redirect

LOWVERIFIEDby omarkurt

Shodan: html:"SickChill"

References (4)

[Various Sources] https://github.com/SickChill/sickchill/blob/846adafdfab579281353ea08a27bbb813f9a9872/sickchill/views/authentication.py#L33

View Writeup ZIP pw:eip

[Various Sources] https://securitylab.github.com/advisories/GHSL-2024-283_GHSL-2024-291_sickchill_sickchill/

[Patch] https://github.com/SickChill/sickchill/commit/c7128a8946c3701df95c285810eb75b2de18bf82

[Issue Tracking] https://github.com/SickChill/sickchill/pull/8811

Scores

CVSS v4 1.9

EPSS 0.0083

EPSS Percentile 74.6%

CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:A/VC:N/VI:L/VA:N/SC:L/SI:L/SA:L/E:P

Details

CWE

CWE-601

Status published

Products (2)

pypi/sickchill 0PyPI

SickChill/sickchill <= 2024.3.1

Published Jan 08, 2025

Tracked Since Feb 18, 2026