School Management System CMS version 1.0 contains a critical SQL injection vulnerability in its admin login functionality. The vulnerability exists in the username parameter of the processlogin endpoint, allowing attackers to bypass authentication mechanisms. Attackers can exploit this flaw using boolean-based blind SQL injection techniques to authenticate as administrator without valid credentials. This vulnerability enables complete administrative access to the system through malicious SQL payloads. The vulnerability has been assigned CVE-2018-25201 and is considered high severity due to the authentication bypass capability.