diff --git a/db/modules_metadata_base.json b/db/modules_metadata_base.json
index 602c8c2f14..121f9bafe0 100644
--- a/db/modules_metadata_base.json
+++ b/db/modules_metadata_base.json
@@ -98937,6 +98937,47 @@ "notes": { } }, + "exploit_windows/fileformat/winrar_ace": { + "name": "RARLAB WinRAR ACE Format Input Validation Remote Code Execution", + "full_name": "exploit/windows/fileformat/winrar_ace", + "rank": 600, + "disclosure_date": "2019-02-05", + "type": "exploit", + "author": [ + "Nadav Grossman", + "Imran E. Dawoodjee " + ], + "description": "In WinRAR versions prior to and including 5.61, there is path traversal vulnerability\n when crafting the filename field of the ACE format (in UNACEV2.dll). When the filename\n field is manipulated with specific patterns, the destination (extraction) folder is\n ignored, thus treating the filename as an absolute path. This module will attempt to\n extract a payload to the startup folder of the current user. It is limited such that\n we can only go back one folder. Therefore, for this exploit to work properly, the user\n must extract the supplied RAR file from one folder within the user profile folder\n (e.g. Desktop or Downloads). User restart is required to gain a shell.", + "references": [ + "CVE-2018-20250", + "EDB-46552", + "BID-106948", + "URL-https://research.checkpoint.com/extracting-code-execution-from-winrar/", + "URL-https://apidoc.roe.ch/acefile/latest/", + "URL-http://www.hugi.scene.org/online/coding/hugi%2012%20-%20coace.htm" + ], + "platform": "Windows", + "arch": "", + "rport": null, + "autofilter_ports": [ + + ], + "autofilter_services": [ + + ], + "targets": [ + "RARLAB WinRAR <= 5.61" + ], + "mod_time": "2019-04-24 05:43:28 +0000", + "path": "/modules/exploits/windows/fileformat/winrar_ace.rb", + "is_install_path": true, + "ref_name": "windows/fileformat/winrar_ace", + "check": false, + "post_auth": false, + "default_credential": false, + "notes": { + } + }, "exploit_windows/fileformat/winrar_name_spoofing": { "name": "WinRAR Filename Spoofing", "full_name": "exploit/windows/fileformat/winrar_name_spoofing",