basecom/magento2-disable-customer-address-file-upload

Disable the controller that allows users to upload files for customer address attributes.

Maintainers

Details

github.com/basecom/magento2-disable-customer-address-file-upload

Source

Issues

Installs: 15

Dependents: 0

Suggesters: 0

Security: 0

Stars: 0

Watchers: 0

Forks: 0

Open Issues: 0

Type:magento2-module

pkg:composer/basecom/magento2-disable-customer-address-file-upload

1.0.0 2025-10-29 13:06 UTC

Requires

  • php: 7.4|~8.1
  • magento/framework: >=103.0.0.4
  • magento/module-customer: >=102.0.2

MIT bcf4c5f68700b444c85e7dfff4d6f9bf00f9f4a3

  • Team Magento @basecom <magento.woop@basecom.de>
  • Maximilian Fickers <m.fickers.woop@basecom.de>

This package is auto-updated.

Last update: 2025-10-29 14:52:47 UTC

README

Packagist Software License Supported Magento Versions

This module disables the file upload functionality for customer address attributes in Magento 2. This file upload is by default open to every user and can open up your system to security vulnerabilities.

The SessionReaper attacks exploit this endpoint to upload malicious files to your server and then execute them. While the remote code execution vulnerability has been patched, the upload endpoint was kept open and remains a security risk.

Install this module to disable the upload endpoint and secure your Magento installation.

Installation

  1. Install the module via composer

    composer require basecom/magento2-disable-customer-address-file-upload

  2. Enable the module

    bin/magento module:enable Basecom_DisableCustomerAddressFileUpload
bin/magento setup:upgrade

Security

If you discover any security related issues, please email magento@basecom.de instead of using the issue tracker.

License

Licensed under the MIT license.

Copyright

basecom GmbH & Co. KG