diff --git a/Sahi-Pro/CVE-2018-20470/README.md b/Sahi-Pro/CVE-2018-20470/README.md new file mode 100644 index 0000000..c793dc5 --- /dev/null +++ b/Sahi-Pro/CVE-2018-20470/README.md @@ -0,0 +1,9 @@ +# Sahi pro 7.x 8.x Arbitrary File Read (CVE-2018-20470) + +An issue was discovered in Tyto Sahi Pro through 7.x.x and 8.0.0. A directory traversal (arbitrary file access) vulnerability exists in the web reports module. This allows an outside attacker to view contents of sensitive files. + +**FOFA query rule**: [body="_s_/spr/" || "sahisid" || title="Sahi Launcher"](https://fofa.so/result?qbase64=Ym9keT0iX3NfL3Nwci8iIHx8ICJzYWhpc2lkIiB8fCB0aXRsZT0iU2FoaSBMYXVuY2hlciI%3D) + +# Demo + +![](Sahi_pro_7.x_8.x_Arbitrary_File_Read_CVE_2018_20470.gif) \ No newline at end of file diff --git a/Sahi-Pro/CVE-2018-20470/Sahi_pro_7.x_8.x_Arbitrary_File_Read_CVE_2018_20470.gif b/Sahi-Pro/CVE-2018-20470/Sahi_pro_7.x_8.x_Arbitrary_File_Read_CVE_2018_20470.gif new file mode 100644 index 0000000..184bbbd Binary files /dev/null and b/Sahi-Pro/CVE-2018-20470/Sahi_pro_7.x_8.x_Arbitrary_File_Read_CVE_2018_20470.gif differ diff --git a/Sahi-Pro/CVE-2019-13597/README.md b/Sahi-Pro/CVE-2019-13597/README.md new file mode 100644 index 0000000..399d028 --- /dev/null +++ b/Sahi-Pro/CVE-2019-13597/README.md @@ -0,0 +1,9 @@ +# Sahi Pro v8.x RCE (CVE-2019-13597) + +`_s_/sprm/_s_/dyn/Player_setScriptFile` in Sahi Pro 8.0.0 allows command execution. It allows one to run .sah scripts via Sahi Launcher. Also, one can create a new script with an editor. It is possible to execute commands on the server using the _execute() function. + +**FOFA query rule**: [body="_s_/spr/" || "sahisid" || title="Sahi Launcher"](https://fofa.so/result?qbase64=Ym9keT0iX3NfL3Nwci8iIHx8ICJzYWhpc2lkIiB8fCB0aXRsZT0iU2FoaSBMYXVuY2hlciI%3D) + +# Demo + +![](Sahi_Pro_v8.x_RCE_CVE_2019_13597.gif) \ No newline at end of file 
diff --git a/Sahi-Pro/CVE-2019-13597/Sahi_Pro_v8.x_RCE_CVE_2019_13597.gif b/Sahi-Pro/CVE-2019-13597/Sahi_Pro_v8.x_RCE_CVE_2019_13597.gif new file mode 100644 index 0000000..d505be0 Binary files /dev/null and b/Sahi-Pro/CVE-2019-13597/Sahi_Pro_v8.x_RCE_CVE_2019_13597.gif differ
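Review bot: In the `Sahi-Pro/CVE-2018-20470/README.md` hunk, the description names the affected versions ("through 7.x.x and 8.0.0") and the affected component (the web reports module) but gives no remediation, no fixed version and no link to the vendor advisory or the CVE record, so a reader who confirms exposure has nothing to act on; add a "Fix" or "Mitigation" line (upgrade guidance and restricting access to the reports module) with a reference link. Two smaller points in the same hunk: the heading reads `# Sahi pro 7.x 8.x Arbitrary File Read (CVE-2018-20470)` while the body spells the product "Sahi Pro", and the file ends without a trailing newline (`\ No newline at end of file`), which will show up as a spurious change the next time the file is touched.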
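Review bot: In the `Sahi-Pro/CVE-2019-13597/README.md` hunk, the sentence "`_s_/sprm/_s_/dyn/Player_setScriptFile` in Sahi Pro 8.0.0 allows command execution" does not say whether the endpoint, the Sahi Launcher or the script editor requires authentication, which is the single fact a defender needs to rate the severity and decide whether network exposure of the service alone is enough to be at risk; state the precondition explicitly, and add the same mitigation and reference line the other README is missing (upgrade path, restricting who can reach the launcher). The title says `v8.x` while the body says `8.0.0`; pick one so the affected range is unambiguous. The FOFA query line is byte-for-byte identical to the one in `CVE-2018-20470/README.md`, so it would be cleaner in a shared `Sahi-Pro/README.md` than duplicated per CVE. The file also ends without a trailing newline.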