Fortinet Discovers QIWI CASHIER FOR 1C: ENTERPRISE DLL Preloading Vulnerability
Fortinet's FortiGuard Labs has discovered a DLL preloading vulnerability in Qiwi Cashier for 1C:Enterprise.
Qiwi Cashier for 1C:Enterprise is a program for receipt of payments through 1C:Enterprise which integrates with the configuration and can also create the documents necessary for the accounting of accepted payments. It can also print receipts from all cash registers supported by 1C.
No vendor patch is available.
Fortinet reported the vulnerability to Qiwi on July 18, 2017.
Qiwi confirmed the vulnerability on July 19, 2017.