CVE-2002-0776

critical

Description

getuserdesc.asp in Hosting Controller 2002 allows remote attackers to change the passwords of arbitrary users and gain privileges by modifying the username parameter, as addressed by the "UpdateUser" hot fix.

References

http://www.securityfocus.com/bid/5229

http://www.iss.net/security_center/static/9554.php

http://hostingcontroller.com/english/logs/sp2log.html

Details

Source: Mitre, NVD

Published: 2002-08-12

Updated: 2026-06-16

Risk Information

CVSS v2

Base Score: 7.5

Vector: CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P

Severity: High

CVSS v3

Base Score: 9.8

Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Severity: Critical

EPSS

EPSS: 0.00888