eXtrovert software Thyme 'pick_users.php' SQL Injection Vulnerability

Attackers can use a browser to exploit this issue.

The following proof of concept is available:


Submit the following to the input field at /thyme/modules/groups/pick_users.php:
' union all select proof,of,concept from mysql.db/*
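
Why the string above changes the query, and the parameterized form that stops it, as an added example (not Thyme's code and not part of the original advisory): the concatenated function lets the input's UNION read a second table, while the bound function only compares the whole string against the name column. Assumptions: the advisory does not show the affected query, so the `users` table, both function names and the query text are hypothetical, and in-memory SQLite with an attached schema named `mysql` stands in for MySQL so the script runs offline.

```php
<?php
// Added example: not Thyme's code. Schema, queries and function names are hypothetical.
// In-memory SQLite stands in for MySQL so the script runs offline.
$pdo = new PDO('sqlite::memory:');
$pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);

// Constructed data: an application table plus a stand-in for the mysql.db
// table named in the proof of concept, with its three placeholder columns.
$pdo->exec("CREATE TABLE users (id INTEGER, name TEXT, email TEXT)");
$pdo->exec("INSERT INTO users VALUES (1, 'alice', 'alice@example.test')");
$pdo->exec("ATTACH DATABASE ':memory:' AS mysql");
$pdo->exec('CREATE TABLE mysql.db ("proof" TEXT, "of" TEXT, "concept" TEXT)');
$pdo->exec("INSERT INTO mysql.db VALUES ('row', 'from', 'mysql.db')");

// Vulnerable pattern: the field value is concatenated into the statement,
// so a quote in the input ends the string literal and the rest runs as SQL.
function pickUsersConcatenated(PDO $pdo, string $name): array
{
    $sql = "SELECT id, name, email FROM users WHERE name = '" . $name . "'";
    return $pdo->query($sql)->fetchAll(PDO::FETCH_NUM);
}

// Hardened pattern: the value is bound to a placeholder and never parsed as SQL.
function pickUsersBound(PDO $pdo, string $name): array
{
    $stmt = $pdo->prepare('SELECT id, name, email FROM users WHERE name = ?');
    $stmt->execute([$name]);
    return $stmt->fetchAll(PDO::FETCH_NUM);
}

// The string from the proof of concept above, unchanged.
$input = "' union all select proof,of,concept from mysql.db/*";

// Run the same input through both patterns and print what each returns.
foreach (['pickUsersConcatenated', 'pickUsersBound'] as $fn) {
    $rows = $fn($pdo, $input);
    printf("%-22s %d row(s) %s\n", $fn, count($rows), json_encode($rows));
}
```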


 

Copyright 2010, SecurityFocus