Microweber v1.2.15 was discovered to allow attackers to perform an account takeover via a host header injection attack.