QwikSec

Security Database

CVE

CWE

Training

CVE-2022-43690

Published: Nov 14, 2022

Modified: Apr 30, 2025

PUBLISHED

Description

Concrete CMS (formerly concrete5) below 8.5.10 and between 9.0.0 and 9.1.2 did not use strict comparison for the legacy_salt so that limited authentication bypass could occur if using this functionality. Remediate by updating to Concrete CMS 9.1.3+ or 8.5.10+.

Vendor	Product	Versions
n/a	n/a	affected `n/a`

References

https://github.com/concretecms/concretecms/releases/9.1.3

https://github.com/concretecms/concretecms/releases/8.5.10

https://documentation.concretecms.org/developers/introduction/version-history/913-release-notes

https://documentation.concretecms.org/developers/introduction/version-history/8510-release-notes

https://www.concretecms.org/about/project-news/security/concrete-cms-security-advisory-2022-10-31

Security Training

Train your team to recognize and prevent security threats with our comprehensive security awareness program.

Vulnerability Scanning

Discover vulnerabilities in your applications and infrastructure before attackers do.