GHSA-2f9h-23f7-8gcx: AVideo affected by unauthenticated application takeover via exposed web installer on uninitialized deployments
high
vulnerability
security
Summary
AVideo's web installer endpoint (`install/checkConfiguration.php`) allows unauthenticated attackers to fully set up the application on fresh deployments by sending POST requests with attacker-controlled database credentials, admin passwords, and configuration values. Since the only protection is checking if a configuration file exists, attackers can take over uninitialized instances by pointing them to an attacker-controlled database and creating admin accounts with attacker-chosen passwords.
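One way to look for use of the installer endpoint described above is to scan web-server access logs for POST requests to `install/checkConfiguration.php`. This is an added example, not code from the advisory or the AVideo project; the Combined Log Format, the function names and the sample log lines are assumptions constructed for illustration.

```python
import re

# Installer endpoint named in the advisory, lowercased for comparison.
INSTALLER_PATH = "install/checkconfiguration.php"

# Assumed log layout (Combined Log Format):
# ip - user [time] "METHOD target PROTO" status size ...
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<time>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<target>\S+) [^"]*" (?P<status>\d{3}) '
)
PCT_RE = re.compile(r"%([0-9A-Fa-f]{2})")

def normalize(target):
    """Drop the query string, decode %XX, collapse slashes, lowercase."""
    path = target.partition("?")[0]
    path = PCT_RE.sub(lambda m: chr(int(m.group(1), 16)), path)
    path = re.sub(r"/+", "/", path)
    # Lowercasing may over-match on case-sensitive hosts; acceptable for triage.
    return path.lower()

def installer_posts(lines):
    """Return (ip, time, status, path) for each POST to the installer endpoint."""
    hits = []
    for line in lines:
        m = LOG_RE.match(line)
        if not m or m["method"] != "POST":
            continue
        path = normalize(m["target"])
        # endswith() also covers deployments under a sub-directory.
        if path.endswith("/" + INSTALLER_PATH):
            hits.append((m["ip"], m["time"], int(m["status"]), path))
    return hits

# Constructed sample lines (documentation IP ranges), not real traffic.
SAMPLE_LOG = [
    '198.51.100.7 - - [17/Mar/2026:10:01:02 +0000] "GET /index.php HTTP/1.1" 200 5120 "-" "Mozilla/5.0"',
    '198.51.100.7 - - [17/Mar/2026:10:01:09 +0000] "POST /install/checkConfiguration.php HTTP/1.1" 200 87 "-" "Mozilla/5.0"',
    '203.0.113.44 - - [17/Mar/2026:11:30:00 +0000] "POST //install/checkConfiguration%2Ephp?x=1 HTTP/1.1" 200 87 "-" "curl/8.5.0"',
    '203.0.113.44 - - [17/Mar/2026:11:30:05 +0000] "GET /install/checkConfiguration.php HTTP/1.1" 200 0 "-" "curl/8.5.0"',
    '192.0.2.10 - - [17/Mar/2026:12:00:00 +0000] "POST /contact.php HTTP/1.1" 200 40 "-" "Mozilla/5.0"',
]

if __name__ == "__main__":
    for ip, when, status, path in installer_posts(SAMPLE_LOG):
        print(f"{when} {ip} POST {path} -> {status}")
```

Any hit that was not made by the administrator performing the initial setup is worth correlating with the database host and admin account the instance ended up configured with.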
Vulnerability Details
EPSS (30-day exploit probability)
EPSS: 0.0%
Disclosure Date
March 17, 2026
Classification
Attack Sophistication: Moderate
Affected Packages
wwbn/avideo@<= 25.0
Original source: https://github.com/advisories/GHSA-2f9h-23f7-8gcx
First tracked: March 17, 2026 at 04:00 PM
Classified by LLM (prompt v3) · confidence: 95%