CVE-2002-0776

Name of the Vulnerable Software and Affected Versions: Hosting Controller version 2002

Description: The issue allows remote attackers to change the passwords of arbitrary users and gain privileges by modifying the username parameter in the "getuserdesc.asp" file.

Recommendations: For Hosting Controller version 2002, apply the "UpdateUser" hot fix to resolve the issue. As a temporary workaround, consider restricting access to the "getuserdesc.asp" file to minimize the risk of exploitation. Avoid using the username parameter in the affected file until the issue is resolved.