diff --git a/vBulletin/CVE-2019-16759/CVE-2019-16759.gif b/vBulletin/CVE-2019-16759/CVE-2019-16759.gif
new file mode 100644
index 0000000..a63a5fc
Binary files /dev/null and b/vBulletin/CVE-2019-16759/CVE-2019-16759.gif differ
diff --git a/vBulletin/CVE-2019-16759/README.md b/vBulletin/CVE-2019-16759/README.md
new file mode 100644
index 0000000..95e76fd
--- /dev/null
+++ b/vBulletin/CVE-2019-16759/README.md
@@ -0,0 +1,11 @@
+# CVE-2019-16759 vBulletin 5.x Remote Code Execution Vulnerability
+
+vBulletin 5.x through 5.5.4 allows remote command execution via the widgetConfig[code] parameter in an ajax/render/widget_php routestring request.
+
+**Affected version**: vBulletin 5.x - 5.5.4
+
+**[FOFA](https://fofa.so/result?qbase64=YXBwPSJ2QnVsbGV0aW4i) query rule**: app="vBulletin"
+
+# Demo
+
+![](CVE-2019-16759.gif)
\ No newline at end of file