VBulletin 3.8.6 FAQ.PHP Flaw Reveals Database SQL Credentials
@ 2010/07/23
It has come to our attention that a vulnerability on vBulletin 3.8.6
has been discovered. The exploit allows a malicious user to retrieve a
forum’s database credentials via the faq.php script.
If you are running vBulletin 3.8.6, we strongly recommend that you
remove the faq.php script and change your mysql database details as a
precaution.
You can find faq.php in your vBulletin installation directory:
*/vbroot/faq.php