CVE-2023-33404 A user who has EditOwnPosts right on BlogEngineNET CMS (version 3380 and earlier) has the ability to upload a malicious file to a hard-coded location POST request to /api/upload endpoint with "action=video" parameters, as shown in the screenshot below, triggers a file upload process The application, first, checks if the user has EditOwnPosts righ