Researchers at RIPS Technologies discovered a login page vulnerability affecting Joomla versions between 1.5 and 3.7.5 that exposes admin credentials. The vulnerability is caused by to the lack of input sanitization of the username credential used in the login page. RIPS has published a proof-of-concept (PoC) code and a video PoC, however, the exploit also requires a filter bypass, that the company hasnt disclosed. The flaw was reported to the development team on July 27, this week Joomala released the version 3.8 that fixed the problem.”]
Source: http://securityaffairs.co/wordpress/63253/hacking/joomla-login-page-flaw.html