CVE-2024-48217

HIGH EXPLOITED

SiSMART v7.4.0 - Privilege Escalation

Title source: llm

Exploitation Summary

CVE-2024-48217 has been observed exploited in the wild (reported by VulnCheck KEV). EIP tracks 1 public exploit from researchers including ajrielrm.

AI-analyzed exploit summary: This repository documents an IDOR vulnerability in SiSMART 7.4.0, where client-side session storage parameters can be manipulated to escalate privileges. The PoC demonstrates modifying localStorage values to gain administrative access.

Description

An Insecure Direct Object Reference (IDOR) in the dashboard of SiSMART v7.4.0 allows attackers to execute a horizontal-privilege escalation.

Exploits (1)

nomisec · WRITEUP · 1 star
by ajrielrm · poc
https://github.com/ajrielrm/CVE-2024-48217

Classification: Writeup 90%
Attack Type: Auth Bypass
Complexity: Trivial
Reliability: Reliable
Target: SiSMART (Aplikasi Pintar Penunjang Proses Pendidikan) - 7.4.0
No auth needed
Prerequisites: Access to the target application's login page · Ability to intercept and modify HTTP responses
devstral-2 · analyzed Feb 16, 2026

Scores

CVSS v3: 8.8
EPSS: 0.0068
EPSS Percentile: 47.4%
Attack Vector: NETWORK
Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

CISA SSVC

Vulnrichment
Exploitation: none
Automatable: no
Technical Impact: total

Details

VulnCheck KEV: 2024-11-02
CWE: CWE-639
Status: published
Published: Nov 01, 2024
Tracked Since: Feb 18, 2026