SQL injection vulnerability in ajax_udf.php in OpenDocMan before 1.2.7.2 allows remote attackers to execute arbitrary SQL commands via the add_value parameter.
http://www.securityfocus.com/bid/65775
http://www.opendocman.com/opendocman-v1-2-7-2-released