A warning from its developer team vBulletin informs its customers that a security vulnerability exists in vBSEO, a sub-application for search engine optimization. administrators are advised to select a different one tool for SEO work.
Administrators waiting for an update to fix the issue are informed by vBulletin that there is a solution to the issue. This is to disable 2 code lines within vBSEO / includes / functions_vbseo_hook.php.
The two these lines are the following:
// if(isset($_REQUEST['ajax']) && isset($_SERVER['HTTP_REFERER']))
// $permalinkurl = $_SERVER['HTTP_REFERER'].$permalinkurl;
In case you also run Suspect File Versions diagnostic tool, then you'll need to generate new MD5s for the file you've changed.
However, η vBulletin warns in the email that proposes the above amendment that it does not warrant that exploitation of the security vulnerability (referred to as CVE-2014-9463) will no longer be possible, and that the vBulletin team is not responsible if something's wrong.
The recommendation for administrators is to completely remove vBSEO from the system and choose a different tool for optimizing SEO.
