PT AF can prevent vulnerability exploits in Joomla versions 3.8.0 and earlier. To detect injection of LDAP operators in POST parameters, the LDAP injection in Joomla earlier than 3.8.0 rule is used.

The check is enabled by default and does not require additional configuration. If necessary, you can add exceptions to the rule in the Skipped HTTP request parts parameter.

PT AF assigns the Low severity and the LDAP injection tag to attacks detected by the LDAP injection in Joomla earlier than 3.8.0 rule. The attack classification IDs are WASC-29, CAPEC-136, CVE-2017-14596, OWASP 2017-A1.