Joomla on Tuesday patched a critical LDAP injection vulnerability that had lingered in the content management system for eight years. Attackers could use this bug to steal admin login credentials. The fix, included in this week's version 3.8 release, addresses improper input sanitization in the LDAP authentication plugin; the flaw affected versions 1.7.5 through 3.5.0. The risk is lessened somewhat, however, because LDAP is not a common authentication option.
Source: https://threatpost.com/joomla-patches-eight-year-old-ldap-injection-vulnerability/128069/

