A vulnerability categorized as critical has been discovered in SourceCodester Pizzafy Ecommerce System 1.0 . The affected element is an unknown function of the file /index.php . Executing a manipulation of the argument page can lead to file inclusion. This vulnerability appears as CVE-2026-10559 . The attack may be performed from remote. In addition, an exploit is available.