Xampp for Windows v8.1.4 and below was discovered to contain insecure permissions for its install directory, allowing attackers to execute arbitrary code via overwriting binaries located in the directory.
https://github.com/ycdxsb/Vuln/blob/main/CVE-2022-29376/CVE-2022-29376.md