CVE-2002-0776 Information

Description

getuserdesc.asp in Hosting Controller 2002 allows remote attackers to change the passwords of arbitrary users and gain privileges by modifying the username parameter as addressed by the \UpdateUser\ hot fix.

Reference

http://hostingcontroller.com/english/logs/sp2log.html http://online.securityfocus.com/archive/1/282129 http://www.iss.net/security_center/static/9554.php http://www.securityfocus.com/bid/5229