Description
The contrib.auth.middleware.RemoteUserMiddleware middleware in Django before 1.4.14, 1.5.x before 1.5.9, 1.6.x before 1.6.6, and 1.7 before release candidate 3, when using the contrib.auth.backends.RemoteUserBackend backend, allows remote authenticated users to hijack web sessions via vectors related to the REMOTE_USER header.
Remediation
References
Related Vulnerabilities
WordPress Plugin Easy Contact Form Pro Cross-Site Scripting (1.1.1.8)
WordPress Plugin Gantry 4 Framework Cross-Site Scripting (4.1.5)
MySQL CVE-2020-14893 Vulnerability (CVE-2020-14893)
Apache HTTP Server Improper Privilege Management Vulnerability (CVE-2026-24072)
WordPress Plugin Gallery Plugin for WordPress-Envira Photo Gallery Cross-Site Scripting (1.8.3.2)