CVE-2018-25418 affects AiOPMSD Final 1.0.0, containing an SQL injection vulnerability in the year parameter of year.php. Unauthenticated attackers can execute arbitrary SQL queries through GET requests with crafted payloads. The vulnerability allows extraction of sensitive database information including usernames, database names, and version details. This represents a critical security flaw that enables unauthorized database access without authentication requirements.