Vulnerability Details CVE-2002-0776
getuserdesc.asp in Hosting Controller 2002 allows remote attackers to change the passwords of arbitrary users and gain privileges by modifying the username parameter, as addressed by the "UpdateUser" hot fix.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.009
EPSS Ranking 74.5%
CVSS Severity
CVSS v2 Score 7.5
References
- http://hostingcontroller.com/english/logs/sp2log.html
- http://online.securityfocus.com/archive/1/282129
- http://www.iss.net/security_center/static/9554.php
- http://www.securityfocus.com/bid/5229
- http://hostingcontroller.com/english/logs/sp2log.html
- http://online.securityfocus.com/archive/1/282129
- http://www.iss.net/security_center/static/9554.php
- http://www.securityfocus.com/bid/5229
Products affected by CVE-2002-0776
-
cpe:2.3:a:hosting_controller:hosting_controller:2002