VYPR
High severity7.8NVD Advisory· Published Jul 23, 2019· Updated Jun 17, 2026

CVE-2019-12162

CVE-2019-12162

Description

Upwork Time Tracker 5.2.2.716 doesn't verify the SHA256 hash of the downloaded program update before running it, which could lead to code execution or local privilege escalation by replacing the original update.exe.

Affected products

2

Patches

Vulnerability mechanics

References

2

News mentions

0

No linked articles in our index yet.