Vulnerabilities ›

CVE-2026-10694

High

CWE-73 — Weakness Type

                    Published: Jun 3, 2026                      ·  Modified: Jun 10, 2026                      ·  Source: NVD                

CVSS v3

7.3

🔗 NVD Official

📄 Description (English)

A vulnerability was detected in SourceCodester Online Food Ordering System 2.0. Affected by this issue is the function include of the file /index.php. The manipulation of the argument page results in file inclusion. The attack can be launched remotely. The exploit is now public and may be used.

🤖 AI Executive Summary

CVE-2026-10694 is a remote file inclusion vulnerability in SourceCodester Online Food Ordering System 2.0 affecting the /index.php file's page parameter. This publicly disclosed vulnerability allows attackers to include arbitrary files remotely, potentially leading to code execution and system compromise.

📄 Description (Arabic)

تؤثر هذه الثغرة على نظام SourceCodester لطلب الطعام أون لاين الإصدار 2.0 من خلال عيب في إدراج الملفات في معامل page بملف /index.php. يمكن للمهاجمين استغلال هذه الثغرة المعروفة علناً بشكل بعيد لإدراج ملفات ضارة وتنفيذ أكواد تعسفية على الأنظمة المتأثرة.

🤖 ملخص تنفيذي (AI)

This vulnerability affects SourceCodester Online Food Ordering System 2.0 through a file inclusion flaw in the page parameter of /index.php. Attackers can remotely exploit this publicly known vulnerability to include malicious files and potentially execute arbitrary code on affected systems.

🤖 AI Intelligence Analysis Analyzed: Jun 7, 2026 06:19

🇸🇦 Saudi Arabia Impact Assessment

Saudi Relevance: high

🏢 Affected Saudi Sectors

telecom government healthcare

🎯 MITRE ATT&CK Techniques

T1190 T1105 T1059

⚖️ Saudi Risk Score (AI)

7.0

/ 10.0

🔧 Remediation Steps (English)

Immediately update SourceCodester Online Food Ordering System to the latest patched version. Implement input validation and sanitization for the page parameter. Disable remote file inclusion in PHP configuration (allow_url_include=Off). Apply Web Application Firewall rules to block file inclusion attempts. Conduct security audit of all file inclusion functions.

🔧 خطوات المعالجة (العربية)

قم بتحديث نظام SourceCodester لطلب الطعام أون لاين إلى أحدث إصدار معدل فوراً. طبق التحقق من صحة المدخلات وتنظيفها لمعامل page. عطل إدراج الملفات البعيدة في إعدادات PHP (allow_url_include=Off). طبق قواعد جدار حماية تطبيقات الويب لحجب محاولات إدراج الملفات. أجرِ تدقيق أمني لجميع وظائف إدراج الملفات.

📋 Regulatory Compliance Mapping

🟢 NCA ECC 2024

5.1 5.2 5.3 7.1

🔵 SAMA CSF

ID.BE-3.1 PR.AC-1.1 PR.AC-1.2 DE.CM-1.1

🟡 ISO 27001:2022

A.6.1.2 A.13.1.1 A.13.2.1 A.14.2.1

🔗 References & Sources 6

🔗

https://github.com/Mikkoseven/cve/issues/4

cna@vuldb.com

🔗

https://vuldb.com/cve/CVE-2026-10694

cna@vuldb.com

🔗

https://vuldb.com/submit/830903

cna@vuldb.com

🔗

https://vuldb.com/vuln/367963

cna@vuldb.com

🔗

https://vuldb.com/vuln/367963/cti

cna@vuldb.com

🔗

https://www.sourcecodester.com/

cna@vuldb.com

📊 CVSS Score

7.3

/ 10.0 — High

📊 CVSS Vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L

Attack VectorN — None / Network

Attack ComplexityL — Low / Local

Privileges RequiredN — None / Network

User InteractionN — None / Network

ScopeU — Unchanged

ConfidentialityL — Low / Local

IntegrityL — Low / Local

AvailabilityL — Low / Local

📋 Quick Facts

Severity High

CVSS Score7.3

CWECWE-73

EPSS0.05%

Exploit No

Patch ✗ No

Published 2026-06-03

Source Feed nvd

🇸🇦 Saudi Risk Score

7.0

/ 10.0 — Saudi Risk

Priority: HIGH

🏷️ Tags

CWE-73

⚡ Actions

🔗 NVD Official Page ⚡ Exploit-DB Search 🐙 GitHub PoC Search 🎯 MITRE ATT&CK 📊 CVE Details

CVE-2026-10694

Introduce Yourself

Sign In Required