LavaLite CMS v 9.0.0 exists to be vulnerable to a host header injection attack.
lavalite lavalite 9.0.0