AiOPMSD Final 1.0.0 contains an SQL injection vulnerability identified as CVE-2018-25413. The vulnerability allows unauthenticated attackers to execute arbitrary SQL queries through the 'q' parameter in search.php. Attackers can send crafted GET requests with malicious SQL payloads to extract sensitive database information. The vulnerability enables access to usernames, database names, and version details. No authentication is required to exploit this vulnerability, making it particularly dangerous.