Sourcecodester · Online Food Ordering System · CVE-2026-10694
**Name of the Vulnerable Software and Affected Versions**
SourceCodester Online Food Ordering System version 2.0
**Description**
A remote file inclusion issue exists in the `/index.php` file. The `include()` function is susceptible to manipulation via the `page` argument, allowing an attacker to include arbitrary files.
**Recommendations**
Update SourceCodester Online Food Ordering System to a version newer than 2.0.
As a temporary workaround, restrict or sanitize the input passed to the `page` argument in the `/index.php` file.