a bunch header injection vulnerability exists while in the forgot password features of ArrowCMS Model 1.0.0. By sending a specifically crafted host header in the forgot password request, it can be done to send out https://www.ralantech.com/mysql-database-health-check-consulting-service/