Description
The contrib.auth.middleware.RemoteUserMiddleware middleware in Django before 1.4.14, 1.5.x before 1.5.9, 1.6.x before 1.6.6, and 1.7 before release candidate 3, when using the contrib.auth.backends.RemoteUserBackend backend, allows remote authenticated users to hijack web sessions via vectors related to the REMOTE_USER header.
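The affected ranges above can be turned into a deployment check. This is an added example, not code from Django or from this advisory. It assumes the version is given in the five-element form of `django.VERSION` and that the settings lists hold full dotted paths; the function names are hypothetical.

```python
# Added example: decide whether a deployment falls inside the affected ranges
# listed in the description and actually enables the affected pair of classes.
LEVELS = {"alpha": 0, "beta": 1, "rc": 2, "final": 3}
MIDDLEWARE = "django.contrib.auth.middleware.RemoteUserMiddleware"
BACKEND = "django.contrib.auth.backends.RemoteUserBackend"

# First fixed release per branch, in django.VERSION tuple form
# (major, minor, micro, releaselevel, serial).
FIXED = {
    (1, 4): (1, 4, 14, "final", 0),
    (1, 5): (1, 5, 9, "final", 0),
    (1, 6): (1, 6, 6, "final", 0),
    (1, 7): (1, 7, 0, "rc", 3),
}


def _key(version):
    """Map a VERSION tuple to a sortable key so that rc2 < rc3 < final."""
    major, minor, micro, level, serial = version
    return (major, minor, micro, LEVELS[level], serial)


def version_affected(version):
    """True if the version lies in one of the ranges from the description."""
    branch = tuple(version[:2])
    if branch < (1, 4):
        return True  # "before 1.4.14" also covers every earlier branch
    fixed = FIXED.get(branch)
    if fixed is None:
        return False  # branch newer than the ones listed
    return _key(version) < _key(fixed)


def exposed(version, middleware_classes, auth_backends):
    """True only when both classes are enabled on an affected version.

    Limitation: project subclasses of either class are not detected,
    because only the exact dotted paths are compared.
    """
    uses_feature = MIDDLEWARE in middleware_classes and BACKEND in auth_backends
    return uses_feature and version_affected(version)
```

In a project, pass `django.VERSION`, `settings.MIDDLEWARE_CLASSES` and `settings.AUTHENTICATION_BACKENDS` to `exposed()`.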
Remediation
References