Microweber v1.2.15 exists to allow malicious users to perform an account takeover via a host header injection attack.
microweber microweber 1.2.15