diff --git a/CVE-2022-22928.md b/CVE-2022-22928.md
new file mode 100644
index 0000000..51fff1f
--- /dev/null
+++ b/CVE-2022-22928.md
@@ -0,0 +1,12 @@
+## MCMS Shiro Deserialization Vulnerability (CVE-2022-22928)
+
+|   **Vulnerability**  | **MCMS Shiro Deserialization Vulnerability (CVE-2022-22928)**  |
+| :----:   | :-----|
+|  **Chinese name**  | 铭飞 MCMS shiro 反序列化漏洞（CVE-2022-22928） |
+| **CVSS core**  | 9.8 |
+| **FOFA Query**  (click to view the results directly)| [body=\"铭飞Mcms\" \|\| title=\"铭飞Mcms\"](https://en.fofa.info/result?qbase64=Ym9keT0i6ZOt6aOeTWNtcyIgfHwgdGl0bGU9IumTremjnk1jbXMi) |
+| **Number of assets affected**  | 295 |
+| **Description**  | Mingfei Mcms is a complete open source J2EE system of Mingfei Technology Co., Ltd. Mingfei Mcms V5 2.2 and earlier versions contain a security vulnerability, which stems from the existence of hard coded Shiro key in the software, which allows attackers to exploit the key and execute arbitrary code. |
+| **Impact** | Attackers can use this vulnerability to arbitrarily execute code on the server side, write backdoors, obtain server permissions, and then control the entire web server. |
+
+![](https://s3.bmp.ovh/imgs/2023/04/12/6e4ebece1945ba6f.gif)