Vulnerable Active Record: A tale of SQL Injection in PHP Framework
Security Misconfiguration (OWASP Top 10 - 2013 - A5)