diff --git a/OpenSMTPD/CVE-2020-7247/README.md b/OpenSMTPD/CVE-2020-7247/README.md
new file mode 100644
index 0000000..dc8a5e6
--- /dev/null
+++ b/OpenSMTPD/CVE-2020-7247/README.md
@@ -0,0 +1,10 @@
+# CVE-2020-7247 OpenSMTPD Remote Code Execution Vulnerability
+
+`smtp_mailaddr` in `smtp_session.c` in OpenSMTPD 6.6, as used in OpenBSD 6.6 and other products, allows remote attackers to execute arbitrary commands as root via a crafted SMTP session, as demonstrated by shell metacharacters in a MAIL FROM field. This affects the "uncommented" default configuration. The issue exists because of an incorrect return value upon failure of input validation.
+
+**[FOFA](https://fofa.so/result?qbase64=YmFubmVyPSJvcGVuc210cGQiICYmIHByb3RvY29sPT0ic210cCI%3D) query rule**: banner="opensmtpd" && protocol=="smtp"
+
+# Demo
+
+![](CVE-2020-7247.gif)
+