UserFrosting is a secure, modern PHP user management system. UserFrosting versions v0.3.1 to v4.6.2 are vulnerable to a host header injection attack. An attacker could exploit the vulnerability through the forgot password feature to reset the victim's password and successfully take over their account.
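The following added example, which is not UserFrosting's own code, illustrates the class of bug described above: a password-reset link whose host is taken from the request's Host header, next to one built from server-side configuration. The origin, the `/reset-password` path, the function names and the sample requests are all assumptions constructed for illustration.

```php
<?php
declare(strict_types=1);

// Assumption: the canonical origin lives in server-side configuration.
// The value is a constructed placeholder, not a real deployment.
const CANONICAL_ORIGIN = 'https://accounts.example.test';

/** Vulnerable pattern: the link's host is whatever the client sent as Host. */
function resetLinkFromRequest(array $server, string $token): string
{
    $https  = !empty($server['HTTPS']) && $server['HTTPS'] !== 'off';
    $scheme = $https ? 'https' : 'http';
    $host   = (string) ($server['HTTP_HOST'] ?? '');
    return $scheme . '://' . $host . '/reset-password?token=' . rawurlencode($token);
}

/** Hardened pattern: the link is built only from the configured origin. */
function resetLinkFromConfig(string $token): string
{
    return CANONICAL_ORIGIN . '/reset-password?token=' . rawurlencode($token);
}

/** Defence in depth: reject requests whose Host is not the configured host. */
function hostIsExpected(array $server): bool
{
    $expected = parse_url(CANONICAL_ORIGIN, PHP_URL_HOST);
    $sent     = strtolower((string) ($server['HTTP_HOST'] ?? ''));
    $sent     = (string) preg_replace('/:\d+$/', '', $sent); // drop an explicit port
    return is_string($expected) && $sent === strtolower($expected);
}

// Constructed sample requests: one normal, one with a substituted Host header.
$token    = 'constructed-token-123';
$requests = [
    'normal'   => ['HTTPS' => 'on', 'HTTP_HOST' => 'accounts.example.test'],
    'tampered' => ['HTTPS' => 'on', 'HTTP_HOST' => 'other.example.net'],
];

foreach ($requests as $label => $server) {
    printf(
        "%s\n  host accepted:   %s\n  request-derived: %s\n  config-derived:  %s\n",
        $label,
        hostIsExpected($server) ? 'yes' : 'no',
        resetLinkFromRequest($server, $token),
        resetLinkFromConfig($token)
    );
}
```

For the tampered request, the request-derived link in the e-mail would point at the substituted host while the config-derived link does not change, which is why the reset URL should never depend on request headers.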