AiOPMSD Final 1.0.0 contains a critical SQL injection vulnerability (CVE-2018-25419) that allows unauthenticated attackers to execute arbitrary SQL queries through the genre parameter in genre.php. Attackers can craft malicious GET requests with SQL payloads to extract sensitive database information including usernames, database names, and version details. The vulnerability requires no authentication, making it particularly dangerous for exposed AiOPMSD installations. Exploit code is publicly available, increasing the risk of active exploitation. Organizations using AiOPMSD should immediately assess their exposure and apply security patches if available.