Looks like a rather nasty security flaw. vbulletin is urging to update to 3.6.3 if you don't already know so.