View Full Version : vBGallery Security Patches


Kevin
01-10-2008, 11:23 PM
Recently some script kids have been taking advantage of an Apache feature (http://httpd.apache.org/docs/2.2/mod/mod_mime.html#multipleext) to upload malicious PHP scripts to vBulletin sites that use PhotoPost vBGallery (and the older vBadvanced Gallery versions).

To be vulnerable your site would have to be using Apache with vBulletin with vBGallery with certain file types allowed to be uploaded (set in your ACP).

Here are the patch instructions for the work-around (http://www.photopost.com/forum/showpost.php?p=1214127&postcount=2) and here is a list of 'before' chunks of code for the older versions of vBGallery & even vBadvanced Gallery (http://www.photopost.com/forum/showpost.php?p=1214264&postcount=36).

Nobody has to renew just to get the patch instructions. Everybody who has a license should be able to view the information. If somebody has a license, expired or not, and can not view the instructions then they should post over in the PP forums so it can be looked into. If somebody has a license and has not logged into the forums for a very long time then they may have to update their email address to show as verified (http://www.photopost.com/forum/announcement.php?f=68).

This is a critical patch. The vBGallery 2.4.2 includes the patches so it is highly recommended that you either upgrade to the newest version or apply the manual patches to your older version.
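
For admins who want to check an existing gallery upload directory, here is an added example (not part of the post above and not the PhotoPost patch) that lists files whose names carry a script extension in any position, since mod_mime's multiple-extension handling considers every dot-separated part after the base name. The extension list and the sample file names are assumptions; match the list to the AddHandler/AddType lines in your own Apache configuration.

```python
import os
import tempfile

# Assumption: extensions commonly mapped to a script handler on Apache/PHP hosts.
SCRIPT_EXTS = {"php", "php3", "php4", "php5", "phtml", "phps",
               "pl", "py", "cgi", "shtml"}


def script_extensions(filename):
    """Return every script extension found in any position of the name.

    mod_mime treats each dot-separated part after the base name as an
    extension (case-insensitively), so the last one is not the only one
    that matters: "avatar.php.jpg" still carries ".php".
    """
    parts = os.path.basename(filename).lower().split(".")
    return [p for p in parts[1:] if p in SCRIPT_EXTS]


def audit_upload_dir(root):
    """Walk root and return sorted (relative_path, matched_extensions) pairs."""
    findings = []
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            hits = script_extensions(name)
            if hits:
                rel = os.path.relpath(os.path.join(dirpath, name), root)
                findings.append((rel, hits))
    return sorted(findings)


def demo():
    # Constructed sample tree; the file names are made up for illustration.
    names = ["holiday.jpg", "avatar.php.jpg", "banner.PHTML.gif",
             "notes.txt", os.path.join("thumb", "x.php")]
    with tempfile.TemporaryDirectory() as root:
        for n in names:
            path = os.path.join(root, n)
            os.makedirs(os.path.dirname(path), exist_ok=True)
            open(path, "w").close()
        return audit_upload_dir(root)


if __name__ == "__main__":
    for rel, hits in demo():
        print(f"{rel}: {', '.join(hits)}")
```

Point `audit_upload_dir()` at the directory your gallery stores uploads in; anything it reports deserves a manual look before and after applying the patch.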