The Open Web Application Security Project (OWASP) maintains a list of the top 10 security issues. Unfortunately, PHP's openness allows hackers to exploit them.
1) Injection – Injecting code as part of the actual command or query in order to break or compromise the system. This can be SQL injection, OS injection or LDAP injection. It sits at the top of the list of security flaws.