VYPR
Medium severity6.3NVD Advisory· Published Nov 14, 2022· Updated Jun 17, 2026

CVE-2022-43690

CVE-2022-43690

Description

Concrete CMS (formerly concrete5) below 8.5.10 and between 9.0.0 and 9.1.2 did not use strict comparison for the legacy_salt so that limited authentication bypass could occur if using this functionality. Remediate by updating to Concrete CMS 9.1.3+ or 8.5.10+.

AI Insight

LLM-synthesized narrative grounded in this CVE's description and references.

Affected packages

Versions sourced from the GitHub Security Advisory.

PackageAffected versionsPatched versions
concrete5/concrete5Packagist
< 8.5.108.5.10
concrete5/concrete5Packagist
>= 9.0.0, < 9.1.39.1.3

Affected products

2

Patches

Vulnerability mechanics

References

9

News mentions

0

No linked articles in our index yet.