A vulnerability classified as critical was found in SourceCodester Online Food Ordering System 2.0 . Affected by this issue is the function include of the file /index.php . The manipulation of the argument page results in file inclusion. This vulnerability is reported as CVE-2026-10694 . The attack can be launched remotely. Moreover, an exploit is present.