diff --git a/vulnerabilities/other/ecshop-sql.yaml b/vulnerabilities/other/ecshop-sqli.yaml
similarity index 57%
rename from vulnerabilities/other/ecshop-sql.yaml
rename to vulnerabilities/other/ecshop-sqli.yaml
index 36f89c06e6..1e840419e0 100644
--- a/vulnerabilities/other/ecshop-sql.yaml
+++ b/vulnerabilities/other/ecshop-sqli.yaml
@@ -1,13 +1,18 @@
+id: ecshop-sqli
+
 info:
-  name: Ecshop-SQL
+  name: Ecshop SQLi
   author: Lark-lab,ImNightmaree
-  severity: critical
-  tags: sql,php,cms
+  severity: high
+  reference:
+    - https://titanwolf.org/Network/Articles/Article?AID=af15bee8-7afc-4bb2-9761-a7d61210b01a
+    - https://phishingkittracker.blogspot.com/2019/08/userphp-ecshop-sql-injection-2017.html
+  tags: sqli,php,cms,ecshop
 
 requests:
   - raw:
       - |
-        POST /user.php HTTP/1.1
+        GET /user.php?act=login HTTP/1.1
         Host: {{Hostname}}
         Content-Type: application/x-www-form-urlencoded
         Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
@@ -15,13 +20,11 @@ requests:
         Accept-Encoding: gzip, deflate
         Accept-Language: en,zh-CN;q=0.9,zh;q=0.8
 
-        username=admin&password=123456&act=act_login
-
     matchers:
-
       - type: word
         words:
-          - 'XPATH'
-          - 'MySQL'
-          - 'Array'
+          - 'XPATH syntax error:''
+          - '[error] =>'
+          - '[0] => Array'
+          - 'MySQL server error report:Array'
         condition: and