SimpleAudit team from elhacker.net

2 exploits Active since Jan 2020
CVE-2009-5068 EXPLOITDB HIGH WRITEUP
Simple Machines Forum <= 2.0.3 - Unauthenticated Arbitrary File Read via settings.php
There is a file disclosure vulnerability in SMF (Simple Machines Forum) affecting versions through v2.0.3. On some configurations a SMF deployment is shared by several "co-admins" that are not trusted beyond the SMF deployment. This vulnerability allows them to read arbitrary files on the filesystem and therefore gain new privileges by reading the settings.php with the database passwords.
CVSS 7.2
CVE-2013-0192 EXPLOITDB MEDIUM text WRITEUP
Simple Machines Forum <= 2.0.3 - Authenticated File Disclosure via Admin Interface
File Disclosure in SMF (SimpleMachines Forum) <= 2.0.3: Forum admin can read files such as the database config.
CVSS 4.9