Welcome to WebmasterWorld Guest from 188.8.131.52
...a specific version of the vBulletin software allows anyone to easily access the main administrator username and password for a site.
This would also allow hackers to access data, such as e-mail addresses, and edit the site at will.
If you buy VB, you'll be buying the new 4.+ versions, which don't have these vulnerabilities. I think. Hope. :-)
Or which free solution would be the best?
Vbulletin development has been mess since Internet Brands bought Jelsoft (for more detail read the page about vbulletin on wikipedia). So personally I'm looking for a way out, whilst secretly hoping the the original team might start a new project, failing that i might consider vbulletin 5 if IB have a handle on it by then...