PHP has its share of issues and vulnerabilities. Honestly, it is the weak point of the LAMP architecture because of the potential for misconfigurations and insecure issues. The follow links go into an entry in the SANS Top 20 and the top 5 PHP security settings.
Since I use PHP I wanted to post this site with some PHP security tips from SANS.
And this is another nice list of php security issues and configurations.
Spike is a php auditing tool that I totally have to try out sometime soon.