getuserdesc.asp in Hosting Controller 2002 allows remote attackers to change the passwords of arbitrary users and gain privileges by modifying the username parameter, as addressed by the "UpdateUser" hot fix.
http://www.securityfocus.com/bid/5229
http://www.iss.net/security_center/static/9554.php
http://hostingcontroller.com/english/logs/sp2log.html
Source: Mitre, NVD
Published: 2002-08-12
Updated: 2026-06-16
Base Score: 7.5
Vector: CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P
Severity: High
Base Score: 9.8
Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Severity: Critical
EPSS: 0.00888