http://www.cnnvd.org.cn/web/xxk/ldxqById.tag?CNNVD=CNNVD-200507-040

Lpanel1.59和更早版本，以及1.597之前的其他版本，可让远程认证的用户修改某些重要变量，并(1)通过diagnose.php的domain参数修改任意域的DNS设置，(2)通过view_ticket.php的close、open或pid参数关闭、打开或响应任意支持的凭证，(3)通过viewreceipt.php的inv参数获取关于任意发票的敏感信息，或(4)通过domains.php的editdomain参数修改任意域的域信息。

来源:BID
名称:13869
链接:http://www.securityfocus.com/bid/13869
来源:www.lpanel.net
链接:http://www.lpanel.net/changelog.php
来源:SECUNIA
名称:15589
链接:http://secunia.com/advisories/15589/
来源:FULLDISC
名称:20050606Lpanel.NET’sLpanel(allversionsuptoandincluding1.59)isvulnerableinthatitallowsanattackertoresettheDNSinformationofanydomainnamemanagedbythesystem.
链接:http://lists.grok.org.uk/pipermail/full-disclosure/2005-June/034419.html
来源:FULLDISC
名称:20050606Lpanel.NET’sLpanel(allversionsuptoandincluding1.59)isvulnerableinthatitallowsanattackertorespondtoanysupportticketonthesystem.
链接:http://lists.grok.org.uk/pipermail/full-disclosure/2005-June/034418.html
来源:FULLDISC
名称:20050606Lpanel.NET’sLpanel(allversionsuptoandincluding1.59)isvulnerabletotheunauthorizedviewingofclientinvoiceinformation.
链接:http://lists.grok.org.uk/pipermail/full-disclosure/2005-June/034417.html
来源:FULLDISC
名称:20050606Lpanel.NET’sLpanel(allversionsuptoandincluding1.59)isvulnerabletounauthorizeddomainmanagementaccess.
链接:http://lists