A rather basic (intentionally) vulnerable Web application written in PHP, part of the OWASP Vicnum Project - View it on GitHub