diff --git a/Strapi/CVE-2019-18818/README.md b/Strapi/CVE-2019-18818/README.md new file mode 100644 index 0000000..1e49676 --- /dev/null +++ b/Strapi/CVE-2019-18818/README.md @@ -0,0 +1,9 @@ +# Strapi 3.0.0 17.4 Password Reset (CVE-2019-18818) + +Strapi is an open source headless content management system (CMS), strapi before 3.0.0-beta.17.5 mishandles password resets within packages/strapi-admin/controllers/Auth.js and packages/strapi-plugin-users-permissions/controllers/Auth.js. + +FOFA **query rule**: [banner="X-Powered-By: Strapi "](https://fofa.so/result?qbase64=YmFubmVyPSJYLVBvd2VyZWQtQnk6IFN0cmFwaSA8c3RyYXBpLmlvPiI%3D) + +# Demo + +![Strapi_17_4_Password_Reset_CVE_2019_18818](Strapi_17_4_Password_Reset_CVE_2019_18818.gif)
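Review bot: The title line "# Strapi 3.0.0 17.4 Password Reset (CVE-2019-18818)" writes the version differently from the description, which says "before 3.0.0-beta.17.5". Use one form in both places (presumably 3.0.0-beta.17.4 in the title) so a reader can compare it directly against an installed version. The description names the two affected Auth.js controllers but gives no remediation. Add a sentence stating that, per the "before 3.0.0-beta.17.5" wording, upgrading to 3.0.0-beta.17.5 or later is the fix. The description is also a comma splice with inconsistent capitalisation ("strapi before ..."), so split it into two sentences. The Demo section is only a GIF reference, so a short text summary of what the password reset flaw lets a requester do would make the README usable without the image.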