• File Inclusion attacks
• SQL
• Cross-site scripting (XSS)
• Command injection
• Server-side template injection (SSTI)
• XML external entity (XXE) injection
• Insecure file uplaods