During one blackbox testing I found few bugs in vBulletin 4.2.3. Below you will find few details about it...
If you will try to send this request with malformed input for type parameter:
In other hand you can also find there another type of bug - XSS:
Response looks like this:
Another place to check your SQL is here:
As far as I know this story will be assigned to CVE-2017-11607.