Joomla! 3.7.5 - Takeover in 20 Seconds with LDAP Injection
20 Sep 2017
by Robin Peraglie
With over 84 million downloads, Joomla! is one of the most popular content management systems.
Our code analysis solution RIPS detected a previously unknown LDAP injection vulnerability in the login controller.
This one vulnerability could allow remote attackers to leak the super user password and to fully take over any Joomla! <= 3.7.5 installation that uses LDAP for authentication.