PHPackages deployecommerce/module-prevent-customer-address-file-upload - PHPackages - PHPackages [Skip to content](#main-content)[PHPackages](/)[Directory](/)[Categories](/categories)[Trending](/trending)[Leaderboard](/leaderboard)[Changelog](/changelog)[Analyze](/analyze)[Collections](/collections)[Log in](/login)[Sign up](/register) 1. [Directory](/) 2. / 3. [File & Storage](/categories/file-storage) 4. / 5. deployecommerce/module-prevent-customer-address-file-upload ActiveMagento2-module[File & Storage](/categories/file-storage) deployecommerce/module-prevent-customer-address-file-upload =========================================================== A Magento2 extension that prevents file uploads to the /customer/address\_file/upload endpoint. 0.0.3(6mo ago)72.8k↓21.9%1MITPHP Since Oct 29Pushed 6mo agoCompare [ Source](https://github.com/DeployEcommerce/module-prevent-customer-address-file-upload)[ Packagist](https://packagist.org/packages/deployecommerce/module-prevent-customer-address-file-upload)[ RSS](/packages/deployecommerce-module-prevent-customer-address-file-upload/feed)WikiDiscussions main Synced 1mo ago READMEChangelog (3)Dependencies (2)Versions (4)Used By (0) module-prevent-customer-address-file-upload =========================================== [](#module-prevent-customer-address-file-upload) This is a Magento 2 extension that prevents file uploads to `/customer/address_file/upload` endpoint which is used in combination with an flaw in Magento's logic to upload code and then execute it for CVE-2025-54236. Although Adobe patched the part of the code that allows execution of the upload they didn't make any changes to the behaviour that allows upload of files. ### Installation [](#installation) ``` composer require deployecommerce/module-prevent-customer-address-file-upload bin/magento mo:e DeployEcommerce_PreventCustomerAddressFileUpload ``` ### Further Reading [](#further-reading) - - ### License [](#license) This module is licensed under the MIT License. See the [LICENSE](LICENSE.md) file for details. ### Thanks [](#thanks) Thanks go to Daniel Sloof at [Sansec](https://sansec.io) and the #security channel in the Magento Open Source Slack as we've had many discussions on the issue over the past few weeks. Much thanks go to Blaklis too for his work on reporting the issue and follow up conversations around the exploit. ### Health Score 34 — LowBetter than 77% of packages Maintenance66 Regular maintenance activity Popularity29 Limited adoption so far Community7 Small or concentrated contributor base Maturity27 Early-stage or recently created project Bus Factor1 Top contributor holds 100% of commits — single point of failure How is this calculated?**Maintenance (25%)** — Last commit recency, latest release date, and issue-to-star ratio. Uses a 2-year decay window. **Popularity (30%)** — Total and monthly downloads, GitHub stars, and forks. Logarithmic scaling prevents top-heavy scores. **Community (15%)** — Contributors, dependents, forks, watchers, and maintainers. Measures real ecosystem engagement. **Maturity (30%)** — Project age, version count, PHP version support, and release stability. ### Release Activity Cadence Every ~0 days Total 3 Last Release 201d ago ### Community Maintainers ![](https://avatars.githubusercontent.com/u/254889?v=4)[Scott](/maintainers/ssx)[@ssx](https://github.com/ssx) --- Top Contributors [![ssx](https://avatars.githubusercontent.com/u/254889?v=4)](https://github.com/ssx "ssx (4 commits)") --- Tags magentofileuploadmagento2adobe commerceCVE-2025-54236sessionreaper ### Embed Badge ![Health badge](/badges/deployecommerce-module-prevent-customer-address-file-upload/health.svg) ``` [![Health](https://phpackages.com/badges/deployecommerce-module-prevent-customer-address-file-upload/health.svg)](https://phpackages.com/packages/deployecommerce-module-prevent-customer-address-file-upload) ``` ### Alternatives [kartik-v/bootstrap-fileinput An enhanced HTML 5 file input for Bootstrap 5.x, 4.x, and 3.x with features for file preview for many file types, multiple selection, ajax uploads, and more. 5.4k7.9M13](/packages/kartik-v-bootstrap-fileinput)[unisharp/laravel-filemanager A file upload/editor intended for use with Laravel 5 to 10 and CKEditor / TinyMCE 2.2k3.3M74](/packages/unisharp-laravel-filemanager)[sonata-project/media-bundle Symfony SonataMediaBundle 4625.5M71](/packages/sonata-project-media-bundle)[kartik-v/yii2-widget-fileinput An enhanced FileInput widget for Bootstrap 3.x, 4.x & 5.x with file preview, multiple selection, and more features (sub repo split from yii2-widgets) 2286.8M95](/packages/kartik-v-yii2-widget-fileinput)[fof/upload The file upload extension for the Flarum forum with insane intelligence. 188171.7k15](/packages/fof-upload)[czim/laravel-paperclip Laravel Eloquent file attachment solution 80802.1k6](/packages/czim-laravel-paperclip) PHPackages © 2026 [Directory](/)[Categories](/categories)[Trending](/trending)[Changelog](/changelog)[Analyze](/analyze)