A security issue has been discovered that affects the vBulletin 4 Publishing Suite. We have released a patch to correct this issue for vBulletin 4.2.2
The issue may allow attackers to perform SQL Injection attacks against the CMS portion of the Publishing Suite.
It is recommended that all users update as soon as possible. If you're using a version of vBulletin 4 older than 4.2.2, it is recommended that you upgrade to that version as soon as possible.
You can download the build for your version here: https://members.vbulletin.com/
and the patch can be found here: https://members.vbulletin.com/patches.php
To install the patch, download it then upload all included files found within the zip file. Make sure to overwrite the existing files on your server.
If you're using a version prior to 4.2.2, then you should follow standard upgrade procedures.
vBulletin 4.2.2 Patch Level 3