A warning from its developer team vBulletin informs its customers that there is a security vulnerability in vBSEO, a sub-application for search engine optimization. administrators are advised to choose a different tool for SEO work.
Administrators waiting for an update to come out that will fix the issue are informed by vBulletin that there is a solution for theme. This consists of disabling 2 lines of code inside vBSEO / includes / functions_vbseo_hook.php.
These two lines are as follows:
// if(isset($_REQUEST['ajax']) && isset($_SERVER['HTTP_REFERER']))
// $permalinkurl = $_SERVER['HTTP_REFERER'].$permalinkurl;
In case you also run Suspect File Versions diagnostic tool, then you'll need to generate new MD5s for the file you've changed.
However, η vBulletin warns in the email that proposes the above amendment that it does not warrant that exploitation of the security vulnerability (referred to as CVE-2014-9463) will no longer be possible, and that the vBulletin team is not responsible if something's wrong.
The recommendation for administrators is to completely remove vBSEO from the system and choose a different tool for optimizing SEO.
