A host header injection vulnerability exists within the forgot password performance of ArrowCMS Variation 1.0.0. By sending a specifically crafted host header inside the forgot password request, it is feasible to send https://www.ralantech.com/mysql-database-health-check-consulting-service/