File upload functionality in Magento — customer file uploads, media management, import file processing, and storage handling.
Defense-in-depth module that blocks the PolyShell unrestricted file upload attack with layered checks: request/media path blocking, strict filename/extension validation, and polyglot content detection. Provides Composer install steps, admin-configurable allow/block lists, logging, and migration from markshust/polyshell-patch.
21 Apr 2026
A Magento 2 security module that disables the unauthenticated customer address file upload endpoint to protect against CVE-2025-54236 (SessionReaper) and related file upload vulnerabilities.
14 Nov 2025
Since Searchlight Cyber published a technical write-up and proof-of-concept for the SessionReaper vulnerability, attackers have been mass scanning Magento / Adobe Commerce stores for vulnerable targets. The first phase of the attack involves uploading a payload containing malicious session data to the server.
11 Nov 2025