ABI Version 3.7.9.17 Remote SQL Injection
The forget password section at LostPwd.asp? has the vulnerability to run SQL query and give the attacker the information neeeded.
The-0utl4w (Credits goes to Aria-Security)