PHP is a scripting language that executes on the server side. a privilege design vulnerability exists in the Chocolatey PHP package v8.1.12 and below, which stems from the fact that all users in the Authenticated users group have write access to the subfolder C:\tools\php81 and all files in that folder, which could be exploited by an attacker to obtain file write permissions.