CVE-2010-1191 Information

Description

Sahana disaster management system 0.6.2.2 and possibly other versions allows remote attackers to bypass intended access restrictions and disable administrator authentication via a direct request to stream.php in an acl_enable_acl action to the admin module.

Reference

http://secunia.com/advisories/39020 http://sourceforge.net/tracker/?func=detail&aid=2970786&group_id=127855&atid=709778 http://www.securityfocus.com/archive/1/510164/100/0/threaded