Vulnerability Details CVE-2019-12162
Upwork Time Tracker 5.2.2.716 doesn't verify the SHA256 hash of the downloaded program update before running it, which could lead to code execution or local privilege escalation by replacing the original update.exe.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.001
EPSS Ranking 23.9%
CVSS Severity
CVSS v3 Score 7.8
CVSS v2 Score 4.6
References
Products affected by CVE-2019-12162
-
cpe:2.3:a:upwork:time_tracker:5.2.2.716