vBulletin 4 (up to 4.1.2) search.php SQL injection