PHPackages basecom/magento2-disable-customer-address-file-upload - PHPackages - PHPackages [Skip to content](#main-content)[PHPackages](/)[Directory](/)[Categories](/categories)[Trending](/trending)[Leaderboard](/leaderboard)[Changelog](/changelog)[Analyze](/analyze)[Collections](/collections)[Log in](/login)[Sign up](/register) 1. [Directory](/) 2. / 3. [Security](/categories/security) 4. / 5. basecom/magento2-disable-customer-address-file-upload ActiveMagento2-module[Security](/categories/security) basecom/magento2-disable-customer-address-file-upload ===================================================== Disable the controller that allows users to upload files for customer address attributes. 1.0.0(6mo ago)92.3k—5%2[1 PRs](https://github.com/basecom/magento2-disable-customer-address-file-upload/pulls)MITPHPPHP 7.4|~8.1CI passing Since Oct 29Pushed 6mo agoCompare [ Source](https://github.com/basecom/magento2-disable-customer-address-file-upload)[ Packagist](https://packagist.org/packages/basecom/magento2-disable-customer-address-file-upload)[ RSS](/packages/basecom-magento2-disable-customer-address-file-upload/feed)WikiDiscussions main Synced 1mo ago READMEChangelogDependencies (2)Versions (2)Used By (0) Basecom\_DisableCustomerAddressFileUpload Module ================================================ [](#basecom_disablecustomeraddressfileupload-module) [![Packagist](https://camo.githubusercontent.com/8653192bd537f649386e2ae0365fadabbe30c4f1de7790acb5b35cff22952399/68747470733a2f2f696d672e736869656c64732e696f2f7061636b61676973742f762f62617365636f6d2f6d6167656e746f322d64697361626c652d637573746f6d65722d616464726573732d66696c652d75706c6f61642e7376673f7374796c653d666c61742d737175617265)](https://packagist.org/packages/basecom/magento2-disable-customer-address-file-upload)[![Software License](https://camo.githubusercontent.com/55c0218c8f8009f06ad4ddae837ddd05301481fcf0dff8e0ed9dadda8780713e/68747470733a2f2f696d672e736869656c64732e696f2f62616467652f6c6963656e73652d4d49542d627269676874677265656e2e7376673f7374796c653d666c61742d737175617265)](LICENSE)[![Supported Magento Versions](https://camo.githubusercontent.com/2113b3a30955562f026a2b7dda3a09fee30d0c49aacbfce67193c5dc7b434617/68747470733a2f2f696d672e736869656c64732e696f2f62616467652f6d6167656e746f2d322e342d627269676874677265656e2e7376673f6c6f676f3d6d6167656e746f266c6f6e6743616368653d74727565267374796c653d666c61742d737175617265)](https://camo.githubusercontent.com/2113b3a30955562f026a2b7dda3a09fee30d0c49aacbfce67193c5dc7b434617/68747470733a2f2f696d672e736869656c64732e696f2f62616467652f6d6167656e746f2d322e342d627269676874677265656e2e7376673f6c6f676f3d6d6167656e746f266c6f6e6743616368653d74727565267374796c653d666c61742d737175617265) This module disables the file upload functionality for customer address attributes in Magento 2. This file upload is by default open to every user and can open up your system to security vulnerabilities. The SessionReaper attacks exploit this endpoint to upload malicious files to your server and then execute them. While the remote code execution vulnerability has been patched, the upload endpoint was kept open and remains a security risk. Install this module to disable the upload endpoint and secure your Magento installation. Installation ------------ [](#installation) 1. Install the module via composer ``` composer require basecom/magento2-disable-customer-address-file-upload ``` 2. Enable the module ``` bin/magento module:enable Basecom_DisableCustomerAddressFileUpload bin/magento setup:upgrade ``` Security -------- [](#security) If you discover any security related issues, please email instead of using the issue tracker. License ------- [](#license) Licensed under the [MIT](LICENSE) license. Copyright --------- [](#copyright) basecom GmbH & Co. KG ### Health Score 40 — FairBetter than 88% of packages Maintenance66 Regular maintenance activity Popularity30 Limited adoption so far Community7 Small or concentrated contributor base Maturity44 Maturing project, gaining track record Bus Factor1 Top contributor holds 100% of commits — single point of failure How is this calculated?**Maintenance (25%)** — Last commit recency, latest release date, and issue-to-star ratio. Uses a 2-year decay window. **Popularity (30%)** — Total and monthly downloads, GitHub stars, and forks. Logarithmic scaling prevents top-heavy scores. **Community (15%)** — Contributors, dependents, forks, watchers, and maintainers. Measures real ecosystem engagement. **Maturity (30%)** — Project age, version count, PHP version support, and release stability. ### Release Activity Cadence Unknown Total 1 Last Release 201d ago ### Community Maintainers ![](https://www.gravatar.com/avatar/4a67758dd1f3d42f956d3954dd65c125cdb85d0750c2cea0afaa139d4d5f5acb?d=identicon)[basecom](/maintainers/basecom) --- Top Contributors [![mfickers](https://avatars.githubusercontent.com/u/12683535?v=4)](https://github.com/mfickers "mfickers (1 commits)") ### Embed Badge ![Health badge](/badges/basecom-magento2-disable-customer-address-file-upload/health.svg) ``` [![Health](https://phpackages.com/badges/basecom-magento2-disable-customer-address-file-upload/health.svg)](https://phpackages.com/packages/basecom-magento2-disable-customer-address-file-upload) ``` ### Alternatives [imi/magento2-friendly-captcha Friendly Captcha integration for Magento2 18116.2k](/packages/imi-magento2-friendly-captcha)[dotdigital/dotdigital-magento2-extension Dotdigital for Magento 2 50374.2k18](/packages/dotdigital-dotdigital-magento2-extension)[pixelopen/magento-cloudflare-turnstile Protect your store from spam messages and spam user accounts with Cloudflare Turnstile 5325.4k1](/packages/pixelopen-magento-cloudflare-turnstile)[yireo/magento2-csp-whitelist-inline-js Magento module to automatically add inline JS script to CSP whitelist 2974.7k](/packages/yireo-magento2-csp-whitelist-inline-js)[sansec/magento2-module-shield 14111.8k](/packages/sansec-magento2-module-shield)[mage-os/module-inventory-reservations-grid Add a grid with the list of inventory reservations. 126.8k](/packages/mage-os-module-inventory-reservations-grid) PHPackages © 2026 [Directory](/)[Categories](/categories)[Trending](/trending)[Changelog](/changelog)[Analyze](/analyze)