The exploit allows an attacker to execute arbitrary commands on a vulnerable vBulletin forum. The vulnerability exists in the forumdisplay.php file, where the 'GLOBALS' parameter is not properly sanitized, allowing an attacker to inject malicious code and execute commands on the underlying system. The exploit takes advantage of several conditions that must be met in order for the exploit to work. These conditions include the 'showforumusers' option being enabled, the user being a guest/visitor, at least one user being shown in the forum, and magic_quotes_gpc being turned off. The exploit also requires bypassing the unset($GLOBALS["$_arrykey"]) code in init.php using the secret array GLOBALS[]=1.