1. Client-Side: XXS, CSRF
2.SQL-Injection
3. PHP-injection
4. LFI, Path Traversal
5. RCE
6. OWASP TOP-10