PHPOK is an enterprise building system that supports expansion. PHPOK v.5.4 suffers from a SQL injection vulnerability that originates from allowing remote attackers to obtain sensitive information via the _userlist function in the framerwork/phpok_call.php file. No detailed vulnerability details are provided at this time.