diff --git a/docs/advisories/20231117001-Oracle-Fusion-Middleware-PHP-Remote-File-Inclusion-Vulnerability.md b/docs/advisories/20231117001-Oracle-Fusion-Middleware-PHP-Remote-File-Inclusion-Vulnerability.md new file mode 100644 index 000000000..15e3b0488 --- /dev/null +++ b/docs/advisories/20231117001-Oracle-Fusion-Middleware-PHP-Remote-File-Inclusion-Vulnerability.md @@ -0,0 +1,30 @@ +# Oracle Fusion Middleware PHP Remote File Inclusion Vulnerability - 20231117001 + +## Overview + +The WA SOC has observed a high vulnerability in Oracle software configuration, whereby the api handling endpoint allows for a local file inclusion that can lead to remote code execution. It requires a valid api token which can be obtained via a database backup (with account access), a number of different sql injections (with account access), or stolen from a user. + +## What is the vulnerability? + +[**CVE-2023-2551**](https://nvd.nist.gov/vuln/detail/CVE-2023-2551) - CVSS v3 Base Score: ***8.8*** + +## What is vulnerable? + +The vulnerability affects the following products: + +- [PHP Remote File Inclusion in GitHub repository unilogies/bumsys prior to 2.1.1](https://huntr.com/bounties/5723613c-55c6-4f18-9ed3-61ad44f5de9c/) + +## What has been observed? + +There is no evidence of exploitation affecting Western Australian Government networks at the time of publishing. + +## Recommendation + +The WA SOC recommends administrators apply the solutions as per vendor instructions to all affected devices within expected timeframe of *one month* (refer [Patch Management](../guidelines/patch-management.md)): + +- [Bug Fixing](https://github.com/unilogies/bumsys/commit/86e29dd23df348ec6075f0c0de8e06b8d9fb0a9a) + +## Additional References + +- [Mitre CVE](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-2551) +
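Review bot: The advisory's filename, title and Overview name Oracle Fusion Middleware ("vulnerability in Oracle software configuration"), but the only affected product listed under "What is vulnerable?" is unilogies/bumsys prior to 2.1.1, and the only remediation link under "Recommendation" is a bumsys commit. Reconcile the product naming in all three places with the CVE-2023-2551 record before merge, since readers triaging by product name will either miss this advisory or apply it to the wrong asset. The Overview also says "local file inclusion" while the title and the huntr link text say "Remote File Inclusion"; use one term, matching the referenced CVE entry. Minor: "high vulnerability" reads better as "high severity vulnerability", and the Recommendation would be more actionable if it told administrators to upgrade to 2.1.1 or later (per the affected-products line) instead of only linking a commit under "vendor instructions".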