By accident I found http://packetstormsecurity.com/files/130588

Anybody can try this one and confirm yet as vBulletin 4.2.2 Remote Code Injection ?

Holy shit this is scary if this really works, one good thing is that it only seems to work if you are a legitimate user of the forum. I tried to recreate, but was unable. That does not mean it does not work, only that I was not able to. My forum always told me the message is too short.

It's an exploit for vBSEO, not for vBulletin itself.
http://www.exploit-db.com/exploits/36232/

Unless of course the link I found is wrong, I'll look into it.

Edit: it's for vBSEO.