The trudesk application allows large characters to insert in the input field "Full Name" on the signup field which can allow attackers to cause a Denial of Service (DoS) via a crafted HTTP request in polonel/trudesk


Reported on

May 14th 2022


  1. go to signup form:
  2. Fill the Full Name input field with huge characters(more than lakhs or crores)
  3. After created the account, check the admin panel:, go to Accounts --> customers
  4. The admin panel will be flooded with our payload

POC Screenshot:

POC video:


  1. It can leads to Senial of service attack
We are processing your report and will contact the polonel/trudesk team within 24 hours. 10 months ago
polonel/trudesk maintainer has acknowledged this report 10 months ago
Chris Brame assigned a CVE to this report 10 months ago
Chris Brame validated this vulnerability 10 months ago
Akshay Ravi has been awarded the disclosure bounty
The fix bounty is now up for grabs
The researcher's credibility has increased: +7
Chris Brame marked this as fixed in 1.2.2 with commit 87e231 10 months ago
Chris Brame has been awarded the fix bounty
This vulnerability will not receive a CVE
to join this conversation