GHSA-2F9H-23F7-8GCX AVideo affected by unauthenticated application takeover via exposed web installer on uninitialized deployments
Summary The install/checkConfiguration.php endpoint performs full application initialization — database setup, admin account creation, and configuration file write — from unauthenticated POST input. The only guard is checking whether videos/configuration.php already exists. On uninitialized...