This version suffers from public SQL Injection (SQLi) and Cross-Site Scripting (XSS) vulnerabilities. Automated hacker bots scan the web specifically looking for old vBulletin signatures to exploit them instantly.
If you're looking for a free or low-cost alternative to vBulletin, consider: vbulletin 387 patch level 3 nulled php top