CVE-2020-21486

Name of the Vulnerable Software and Affected Versions PHPOK version 5.4

Description The issue allows a remote attacker to obtain sensitive information via the userlist function in the framerwork/phpok call.php file. This is achieved through a SQL injection vulnerability.

Recommendations For PHPOK version 5.4, consider disabling the userlist function in the framerwork/phpok call.php file as a temporary workaround until a patch is available. Restrict access to the framerwork/phpok call.php file to minimize the risk of exploitation. Avoid using the userlist function until the issue is resolved.