“This is weird, this exposes some things, you wouldn’t usually do this.”
If I can figure out how to execute php with privileges on your system I can basically execute arbitrary code, and with this there’s a firewall, windows pop ups, and a password between someone and that, but it’s technically conceivable. And really a particular processor/motherboards raid configuration utility is not where I’d first think there was a vulnerability like that.
Yeah, that’s kinda bad. Not like trivial everyone is vulnerable bad, but I think absolutely no software should be setting up a webserver on someone’s local machine that isn’t intending to be a webserver. That’s just not what you do.