Unfortunately it looks like there are quite a few documented vulnerabilities in this version of vBulletin, attachment uploads included.
https://www.cvedetails.com/vulnerabi...Vbulletin.html
I know this is bad news, RF, but you may really want to consider upgrading to the latest version of vBulletin.