Download the PHP package basecom/magento2-disable-customer-address-file-upload without Composer
On this page you can find all versions of the php package basecom/magento2-disable-customer-address-file-upload. It is possible to download/install these versions without Composer. Possible dependencies are resolved automatically.
Download basecom/magento2-disable-customer-address-file-upload
More information about basecom/magento2-disable-customer-address-file-upload
Files in basecom/magento2-disable-customer-address-file-upload
Package magento2-disable-customer-address-file-upload
Short Description Disable the controller that allows users to upload files for customer address attributes.
License MIT
Informations about the package magento2-disable-customer-address-file-upload
Basecom_DisableCustomerAddressFileUpload Module
This module disables the file upload functionality for customer address attributes in Magento 2. This file upload is by default open to every user and can open up your system to security vulnerabilities.
The SessionReaper attacks exploit this endpoint to upload malicious files to your server and then execute them. While the remote code execution vulnerability has been patched, the upload endpoint was kept open and remains a security risk.
Install this module to disable the upload endpoint and secure your Magento installation.
Installation
-
Install the module via composer
- Enable the module
Security
If you discover any security related issues, please email [email protected] instead of using the issue tracker.
License
Licensed under the MIT license.
Copyright
basecom GmbH & Co. KG
All versions of magento2-disable-customer-address-file-upload with dependencies
magento/framework Version >=103.0.0.4
magento/module-customer Version >=102.0.2