diff --git a/KlogServer/CVE-2020-35729/CVE_2020_35729.gif b/KlogServer/CVE-2020-35729/CVE_2020_35729.gif
new file mode 100644
index 0000000..6361db6
Binary files /dev/null and b/KlogServer/CVE-2020-35729/CVE_2020_35729.gif differ
diff --git a/KlogServer/CVE-2020-35729/README.md b/KlogServer/CVE-2020-35729/README.md
new file mode 100644
index 0000000..eaa89f6
--- /dev/null
+++ b/KlogServer/CVE-2020-35729/README.md
@@ -0,0 +1,11 @@
+# Klog Server Unauth RCE(CVE-2020-35729)
+
+The 'authenticate.php' file uses the 'user' HTTP POST parameter in a call to the 'shell_exec()' PHP function without appropriate input validation,allowing arbitrary command execution as the apache user.
+
+**Affected Version**:  ≤2.4.1
+
+**FOFA query rule**: [title="KLog Server" && body="authenticate.php"](https://fofa.so/result?qbase64=dGl0bGU9IktMb2cgU2VydmVyIiYmYm9keT0iYXV0aGVudGljYXRlLnBocCI%3D)
+
+# Demo
+
+![](CVE_2020_35729.gif)
\ No newline at end of file