An LDAP query that relies on potentially untrusted inputs might allow attackers to inject unwanted elements into the query. This can allow attackers to read or modify sensitive data, run code, and perform other unwanted actions.