SQL injection vulnerability in admin/login.asp in Netchemia oneSCHOOL allows remote attackers to execute arbitrary SQL commands via the txtLoginID parameter.