PHPackages                             deployecommerce/module-prevent-customer-address-file-upload - PHPackages - PHPackages  [Skip to content](#main-content)[PHPackages](/)[Directory](/)[Categories](/categories)[Trending](/trending)[Leaderboard](/leaderboard)[Changelog](/changelog)[Analyze](/analyze)[Collections](/collections)[Log in](/login)[Sign up](/register)

1. [Directory](/)
2. /
3. [File &amp; Storage](/categories/file-storage)
4. /
5. deployecommerce/module-prevent-customer-address-file-upload

ActiveMagento2-module[File &amp; Storage](/categories/file-storage)

deployecommerce/module-prevent-customer-address-file-upload
===========================================================

A Magento2 extension that prevents file uploads to the /customer/address\_file/upload endpoint.

0.0.3(8mo ago)84.3k↓60.9%2MITPHP

Since Oct 29Pushed 8mo agoCompare

[ Source](https://github.com/DeployEcommerce/module-prevent-customer-address-file-upload)[ Packagist](https://packagist.org/packages/deployecommerce/module-prevent-customer-address-file-upload)[ RSS](/packages/deployecommerce-module-prevent-customer-address-file-upload/feed)WikiDiscussions main Synced 3d ago

READMEChangelog (3)Dependencies (2)Versions (4)Used By (0)

module-prevent-customer-address-file-upload
===========================================

[](#module-prevent-customer-address-file-upload)

This is a Magento 2 extension that prevents file uploads to `/customer/address_file/upload` endpoint which is used in combination with an flaw in Magento's logic to upload code and then execute it for CVE-2025-54236.

Although Adobe patched the part of the code that allows execution of the upload they didn't make any changes to the behaviour that allows upload of files.

### Installation

[](#installation)

```
composer require deployecommerce/module-prevent-customer-address-file-upload
bin/magento mo:e DeployEcommerce_PreventCustomerAddressFileUpload
```

### Further Reading

[](#further-reading)

-
-

### License

[](#license)

This module is licensed under the MIT License. See the [LICENSE](LICENSE.md) file for details.

### Thanks

[](#thanks)

Thanks go to Daniel Sloof at [Sansec](https://sansec.io) and the #security channel in the Magento Open Source Slack as we've had many discussions on the issue over the past few weeks. Much thanks go to Blaklis too for his work on reporting the issue and follow up conversations around the exploit.

###  Health Score

34

—

LowBetter than 75% of packages

Maintenance61

Regular maintenance activity

Popularity30

Limited adoption so far

Community9

Small or concentrated contributor base

Maturity27

Early-stage or recently created project

 Bus Factor1

Top contributor holds 100% of commits — single point of failure

How is this calculated?**Maintenance (25%)** — Last commit recency, latest release date, and issue-to-star ratio. Uses a 2-year decay window.

**Popularity (30%)** — Total and monthly downloads, GitHub stars, and forks. Logarithmic scaling prevents top-heavy scores.

**Community (15%)** — Contributors, dependents, forks, watchers, and maintainers. Measures real ecosystem engagement.

**Maturity (30%)** — Project age, version count, PHP version support, and release stability.

###  Release Activity

Cadence

Every ~0 days

Total

3

Last Release

248d ago

### Community

Maintainers

![](https://avatars.githubusercontent.com/u/254889?v=4)[Scott](/maintainers/ssx)[@ssx](https://github.com/ssx)

![](https://avatars.githubusercontent.com/u/2587545?v=4)[Nathan Chick](/maintainers/nathanchick)[@nathanchick](https://github.com/nathanchick)

---

Top Contributors

[![ssx](https://avatars.githubusercontent.com/u/254889?v=4)](https://github.com/ssx "ssx (4 commits)")

---

Tags

magentofileuploadmagento2adobe commerceCVE-2025-54236sessionreaper

### Embed Badge

![Health badge](/badges/deployecommerce-module-prevent-customer-address-file-upload/health.svg)

```
[![Health](https://phpackages.com/badges/deployecommerce-module-prevent-customer-address-file-upload/health.svg)](https://phpackages.com/packages/deployecommerce-module-prevent-customer-address-file-upload)
```

###  Alternatives

[mollie/magento2

Mollie Payment Module for Magento 2

1131.9M16](/packages/mollie-magento2)[loki/magento2-components

Core module for defining Alpine.js components with advanced AJAX features

1011.8k26](/packages/loki-magento2-components)[imi/magento2-friendly-captcha

Friendly Captcha integration for Magento2

19131.4k](/packages/imi-magento2-friendly-captcha)[opengento/module-category-import-export

This module add the capability to import and export the categories from the back-office.

1310.9k2](/packages/opengento-module-category-import-export)

PHPackages © 2026

[Directory](/)[Categories](/categories)[Trending](/trending)[Changelog](/changelog)[Analyze](/analyze)
