This document summarizes security issues in PHP applications. It discusses three lesser known vulnerabilities: 1) PHP path normalization can be bypassed on Windows through special characters like double dots and pipes, allowing access to files outside the web root. 2) Double-byte character sets can be escaped to bypass input validation in SQL injection and XSS attacks. 3) Variables in double quotes undergo string evaluation, which can enable code injection through functions like phpinfo(). The document provides solutions like sanitizing special characters, proper UTF-8 encoding, and avoiding eval-like functions.