CVE-2006-3040 : PHP remote file inclusion vulnerability in talkbox.php in Amr Talkbox allows rem

PHP remote file inclusion vulnerability in talkbox.php in Amr Talkbox allows remote attackers to execute arbitrary PHP code via a URL in the direct parameter. NOTE: this issue has been disputed by CVE, since the $direct variable is set to a static value just before the include statement

Published 2006-06-15 10:02:00

Updated 2025-04-03 01:03:51

Source MITRE

View at NVD, CVE.org

Vulnerability category: File inclusion

Products affected by CVE-2006-3040

Amr Talkbox » Amr Talkbox
cpe:2.3:a:amr_talkbox:amr_talkbox:*:*:*:*:*:*:*:*
Matching versions

Exploit prediction scoring system (EPSS) score for CVE-2006-3040

EPSS FAQ

0.88%

Probability of exploitation activity in the next 30 days EPSS Score History

~ 73 %

Percentile, the proportion of vulnerabilities that are scored at or less

CVSS scores for CVE-2006-3040

Base Score	Base Severity	CVSS Vector	Exploitability Score	Impact Score	Score Source	First Seen
7.5	HIGH	AV:N/AC:L/Au:N/C:P/I:P/A:P	10.0	6.4	NIST
Access Vector: Network Access Complexity: Low Authentication: None Confidentiality Impact: Partial Integrity Impact: Partial Availability Impact: Partial

References for CVE-2006-3040

http://www.securityfocus.com/archive/1/437266/100/0/threaded
http://www.osvdb.org/27455

404 Not Found
https://exchange.xforce.ibmcloud.com/vulnerabilities/27122

Vulnerability Report
http://securityreason.com/securityalert/1105

Amr Talkbox talkbox.PHP - Remote File Include Vulnerabilities - CXSecurity.com
http://www.securityfocus.com/archive/1/436993/100/0/threaded

Jump to

Vulnerability Details : CVE-2006-3040

Products affected by CVE-2006-3040

Exploit prediction scoring system (EPSS) score for CVE-2006-3040

CVSS scores for CVE-2006-3040

References for CVE-2006-3040