American Express patches its website

American Express has fixed a flaw on its website that allowed cybercriminals to launch SQL injection attacks and gave direct access to the database. The flaw was patched a few days after Nils Kenneweg, a Heise Security reader, reported that he had found it. The website failed to properly filter requests, which made it possible to inject SQL code.

The flaw was found in the search function. American Express says it was not exploited and that customers' data remains safe.

 

source: Heise Online
13.01.2012