One beforenotice from team its developers vBulletin informs its customers that a security vulnerability exists in vBSEO, a sub-application for engine optimization search. administrators are advised to choose a different tool for SEO work.
Administrators waiting for an update to fix the issue are informed by vBulletin that there is a solution to the issue. This is to disable 2 code lines within vBSEO / includes / functions_vbseo_hook.php.
The two these lines are the following:
// if(isset($_REQUEST['ajax']) && isset($_SERVER['HTTP_REFERER']))
// $permalinkurl = $_SERVER['HTTP_REFERER'].$permalinkurl;
In case you are also running the Suspect File Versions diagnostic tool, then you will need to generate new MD5s for it archive that you have changed.
However, η vBulletin warns in the email that proposes the above amendment that it does not warrant that exploitation of the security vulnerability (referred to as CVE-2014-9463) will no longer be possible, and that the vBulletin team is not responsible if something's wrong.
The recommendation for administrators is to completely remove vBSEO from the system and choose a different tool, for the purpose of SEO optimization.