Public CVE-2012-1645 disclosure

SQL injection vulnerability in announcement.php in vBulletin 4.1.10 allows remote attackers to execute arbitrary SQL commands via the announcementid parameter.