Dr. Death

**Name of the Vulnerable Software and Affected Versions** vBulletin versions 3.0.x **Description** The issue allows remote attackers to execute arbitrary SQL statements. This is achieved via the `fsel` parameter in the API endpoints such as "last10.php" and "ttlast.php". **Recommendations** For version 3.0.x, avoid using the `fsel` parameter in the affected API endpoints until the issue is resolved. As a temporary workaround, consider restricting access to the "ttlast.php" and "last10.php" files to minimize the risk of exploitation.