SQL injection vulnerability in admin/login.asp in Netchemia oneSCHOOL allows remote malicious users to execute arbitrary SQL commands via the txtLoginID parameter.
netchemia oneschool