These are the issue categories that can be raised against a teaching resource.

Code Description Count
sql-injection SQL statements appear to be including unfiltered user input in a way that risks running unauthorised SQL against the database. 35
deprecated-library The resource makes use of a library that is officially deprecated. 31
password-clear Passwords are being stored in plaintext, rather than using an appropriate hashing algorithm. 10
password-inadequate-hashing Passwords are being stored using an inappropriate hashing algorithm, such as MD5 or SHA1. 6
uncategorised An issue that doesn't have a specific category. 5
sql-needs-parameterisation Whilst the resource may not specifically be at risk of SQL injection, it could do with making use of query parameterisation. 4
variable-injection It is possible to present user input to a code example that would modify program variables in a way the author did not intend. 1
email-header-injection Copying values straight from user input to email headers can result in miscreants sending strings containing newlines together with their own headers, such as a To or Bcc field. This allows a remote attacker to turn a web server into a spam relay. 0
upload-arbitrary-file If an upload feature permits a PHP script to be uploaded to a world-accessable address on a web server, it is likely to allow arbitrary (malicious) code to be run on the server. 0
xss The resource may permit user input to be rendered as unauthorised JavaScript in a way that may permit session hijacking. 0