diff --git a/modules/vulnerabilities/unix/webapp/gravcms/files/grav-admin.zip b/modules/vulnerabilities/unix/webapp/gravcms/files/grav-admin.zip
new file mode 100644
index 000000000..39c17ff1e
Binary files /dev/null and b/modules/vulnerabilities/unix/webapp/gravcms/files/grav-admin.zip differ
diff --git a/modules/vulnerabilities/unix/webapp/gravcms/gravcms.pp b/modules/vulnerabilities/unix/webapp/gravcms/gravcms.pp
new file mode 100644
index 000000000..3b28ee11d
--- /dev/null
+++ b/modules/vulnerabilities/unix/webapp/gravcms/gravcms.pp
@@ -0,0 +1 @@
+include gravcms::install
\ No newline at end of file
diff --git a/modules/vulnerabilities/unix/webapp/gravcms/manifests/install.pp b/modules/vulnerabilities/unix/webapp/gravcms/manifests/install.pp
new file mode 100644
index 000000000..f7587eecc
--- /dev/null
+++ b/modules/vulnerabilities/unix/webapp/gravcms/manifests/install.pp
@@ -0,0 +1,46 @@
+class gravcms::install {
+ ensure_packages(['apache2', 'php', 'libapache2-mod-php', 'php-mbstring', 'php-curl', 'php-dom', 'php-xml', 'php-zip', 'php-gd'])
+
+ Exec {path => ['/bin', '/usr/bin', '/usr/local/bin', '/sbin', '/usr/sbin'],
+ environment => ['http_proxy=http://172.22.0.51:3128',
+ 'https_proxy=http://172.22.0.51:3128',
+ 'ftp_proxy=http://172.22.0.51:3128'] }
+
+ exec {'enable-mod-rewrite':
+ command => 'sudo a2enmod rewrite',
+ } ->
+ file {'/var/www/html':
+ ensure => directory,
+ owner => 'www-data',
+ } ->
+ file {'/var/www/html/grav_admin.zip':
+ source => 'puppet:///modules/gravcms/grav-admin.zip',
+ owner => 'www-data',
+ group => 'www-data',
+ } ->
+ exec {'extract-grav-cmd':
+ command => 'unzip -x grav_admin.zip; rm grav_admin.zip',
+ cwd => '/var/www/html/',
+ user => 'www-data',
+ creates => '/var/www/html/grav-admin',
+ } ->
+ exec {'enable-htaccess':
+ command => 'sed -i "//,/<\/Directory>/ s/AllowOverride None/AllowOverride all/" /etc/apache2/apache2.conf',
+ } ->
+ exec {'enable-web-server':
+ command => 'systemctl enable apache2',
+ } ->
+ exec {'restart-web-server':
+ command => 'systemctl restart apache2',
+ }
+
+ $leaked_filenames = ["flag1"]
+ $strings_to_leak = ["we_love_the_insecure_cms_we_do"]
+
+ ::secgen_functions::leak_files { 'gravcms':
+ storage_directory => "/var/www/html/grav-admin",
+ leaked_filenames => $leaked_filenames,
+ strings_to_leak => $strings_to_leak,
+ leaked_from => 'gravcms',
+ }
+}
diff --git a/modules/vulnerabilities/unix/webapp/gravcms/secgen_metadata.xml b/modules/vulnerabilities/unix/webapp/gravcms/secgen_metadata.xml
new file mode 100644
index 000000000..158ed08dd
--- /dev/null
+++ b/modules/vulnerabilities/unix/webapp/gravcms/secgen_metadata.xml
@@ -0,0 +1,40 @@
+
+
+
+ GravCMS
+ Harry J. Hall
+ MIT
+ This module exploits arbitrary config write/update vulnerability to achieve remote code execution.
+ Unauthenticated users can execute a terminal command under the context of the web server user.
+ Grav Admin Plugin is an HTML user interface that provides a way to configure Grav and create and modify pages.
+ In versions 1.10.7 and earlier, an unauthenticated user can execute some methods of administrator controller without
+ needing any credentials. Particular method execution will result in arbitrary YAML file creation or content change of
+ existing YAML files on the system. Successfully exploitation of that vulnerability results in configuration changes,
+ such as general site information change, custom scheduler job definition, etc. Due to the nature of the vulnerability,
+ an adversary can change some part of the webpage, or hijack an administrator account, or execute operating system command
+ under the context of the web-server user.
+
+ web
+ user_rwx
+ remote
+ linux
+ medium
+
+ server_name
+ strings_to_leak
+ leaked_filenames
+
+
+
+
+
+
+
+
+
+
+ https://github.com/rapid7/metasploit-framework/blob/master/modules/exploits/linux/http/gravcms_exec.rb
+
+
\ No newline at end of file
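Review bot: The input names declared here (`server_name`, `strings_to_leak`, `leaked_filenames`) have no counterpart in `gravcms::install`, which takes no parameters and hard-codes `$leaked_filenames = ["flag1"]` and `$strings_to_leak = ["we_love_the_insecure_cms_we_do"]`, so values chosen by a scenario for this module will be silently ignored. Either drop them from the metadata or have the class read them from the scenario inputs instead of the literals. In the description, "Successfully exploitation of that vulnerability" should read "Successful exploitation of this vulnerability", and the text asserts "versions 1.10.7 and earlier" without stating which Grav Admin version the bundled `grav-admin.zip` actually contains, which is worth noting so the lab can be verified as vulnerable.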