This document summarizes security issues in PHP applications. It discusses three lesser-known vulnerabilities:

1) PHP path normalization can be bypassed on Windows through special characters like angle brackets or double quotes, allowing access to files that should not be accessible.
2) Double-byte character sets can be used to bypass input validation in SQL injection and XSS attacks.
3) Variables inside double-quoted strings may be evaluated, allowing code injection through functions like phpinfo().

It provides solutions such as proper input validation, output encoding, and using single quotes instead of double quotes.
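
One way to apply the "proper input validation" fix to the Windows path issue, as an added example that is not taken from the summarized document: an allowlist check on the file name followed by a containment check on the resolved path. The function name, the allowed extensions and the sample inputs are assumptions constructed for illustration.

```php
<?php
// Added example (hypothetical names): validate a user-supplied file name
// before it reaches any PHP file function.

function safe_upload_path(string $baseDir, string $name): ?string
{
    // Accept only an explicit allowlist. This rejects the characters the
    // summary names (angle brackets, double quote) along with path
    // separators, NUL bytes and anything else outside the pattern,
    // instead of trying to strip bad input.
    if (!preg_match('/\A[A-Za-z0-9_-]{1,64}\.(?:txt|png|jpg)\z/', $name)) {
        return null;
    }

    $base = realpath($baseDir);
    if ($base === false) {
        return null;
    }

    // realpath() returns false for a missing file; also confirm the
    // resolved path still sits directly inside the base directory.
    $full = realpath($base . DIRECTORY_SEPARATOR . $name);
    if ($full === false || dirname($full) !== $base) {
        return null;
    }

    // Require that the resolved name is exactly the requested one, so a
    // file system that normalizes names cannot substitute another file.
    return basename($full) === $name ? $full : null;
}

// Constructed demo data: a temporary directory holding one allowed file.
$dir = sys_get_temp_dir() . DIRECTORY_SEPARATOR . 'demo_' . bin2hex(random_bytes(4));
mkdir($dir);
file_put_contents($dir . DIRECTORY_SEPARATOR . 'report.txt', 'ok');

// Constructed sample inputs: one valid name, then names that must fail.
$samples = ['report.txt', 'report<.txt', 'report>.txt', 'report".txt', '../report.txt', 'missing.txt'];
foreach ($samples as $s) {
    $result = safe_upload_path($dir, $s) === null ? 'rejected' : 'accepted';
    printf("%-16s => %s\n", $s, $result);
}

unlink($dir . DIRECTORY_SEPARATOR . 'report.txt');
rmdir($dir);
```

Only `report.txt` is accepted; every other sample is rejected either by the allowlist or because the file does not exist in the base directory.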