OpenDocMan version 1.2.5 suffers from cross site scripting and a remote SQL injection vulnerability that allows for authentication bypass.
e7e44fcb4e3f30d43bfa0d2b218cd77b02a088d09ba683e330163fd067dfad35
If magic_quotes_gpc is off opendocman 1.2rc3 suffers from an authentication bypass vulnerability.
8f2ad0e6bf6b1cbaf3b99b60430ea6396ad0d977528510c3fcaaf782a043aa4b