Joomla 3.8 brings more than 300 improvements to the popular content management system (CMS) and patches two vulnerabilities, including one that can be exploited to obtain administrator credentials.
Researchers at RIPS Technologies discovered that Joomla versions between 1.5 and 3.7.5 are affected by a potentially serious vulnerability when using Lightweight Directory Access Protocol (LDAP) authentication.
LDAP is designed for accessing directory systems via TCP/IP and it’s available in Joomla via a native authentication plugin that can be enabled from the Plugin Manager.
