Unverified Update Execution Vulnerability in Upwork Time Tracker 5.2.2.716

CVE-2019-12162 · MEDIUM Severity

AV:L/AC:L/AU:N/C:P/I:P/A:P

Upwork Time Tracker 5.2.2.716 doesn't verify the SHA256 hash of the downloaded program update before running it, which could lead to code execution or local privilege escalation by replacing the original update.exe.
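
The check the advisory describes as missing can be sketched as follows. This is an added example, not code from Upwork or from the original page. The function names, the staging layout and the idea that the expected digest arrives through a channel the attacker cannot modify (such as a signed manifest) are assumptions. The file is copied into a private directory before hashing, so replacing the original update.exe afterwards does not change what gets executed.

```python
import hashlib
import hmac
import os
import shutil
import tempfile


class UpdateRejected(Exception):
    """Raised when the staged update does not match the expected digest."""


def sha256_of(fileobj, chunk_size=1 << 16):
    """Stream the file through SHA-256 so large updates are not read at once."""
    digest = hashlib.sha256()
    for chunk in iter(lambda: fileobj.read(chunk_size), b""):
        digest.update(chunk)
    return digest.hexdigest()


def stage_verified_update(downloaded_path, expected_sha256):
    """Copy the update to a private directory, verify the copy, return its path.

    expected_sha256 (hex) is assumed to come from a trusted source; obtaining
    it safely is outside this sketch.
    """
    # mkdtemp creates a directory only the current user can access on POSIX;
    # on Windows an equivalent restrictive ACL is assumed to be applied.
    staging_dir = tempfile.mkdtemp(prefix="update-")
    staged_path = os.path.join(staging_dir, "update.exe")
    try:
        # Copy first, then hash the copy: swapping the original after this
        # point cannot change the bytes that will be executed.
        shutil.copyfile(downloaded_path, staged_path)
        with open(staged_path, "rb") as staged:
            actual = sha256_of(staged)
        if not hmac.compare_digest(actual, expected_sha256.lower()):
            raise UpdateRejected(f"digest mismatch: got {actual}")
    except BaseException:
        # Never leave an unverified binary behind in the staging area.
        shutil.rmtree(staging_dir, ignore_errors=True)
        raise
    return staged_path  # the caller launches this path, never downloaded_path
```
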
