vBulletin last10.php SQL Injection

Summary
The remote host is running last10.php, an unofficial plugin for vBulletin which allows users to add a revolving ticker showing the last10 topics of his/her forum. This set of script may allow an attacker to cause an SQL Injection vulnerability allowing an attacker to cause the program to execute arbitrary SQL statements.
Solution
Upgrade to the latest version of this software or disable it