The trudesk application allows large characters to insert in the input field "Name" which can allow attackers to cause a Denial of Service (DoS) via a crafted HTTP request. in polonel / trudesk in polonel/trudesk


Reported on

May 16th 2022

Proof of Concept

1 - Go to Profile or

2 - and fill name input field with huge characters

Payload :-

Video POC :-

Screenshot of POC -:


It can leads to denial of service attack

We are processing your report and will contact the polonel/trudesk team within 24 hours. 2 years ago
polonel/trudesk maintainer has acknowledged this report 2 years ago
Chris validated this vulnerability 2 years ago
Vishal Vishwakarma has been awarded the disclosure bounty
The fix bounty is now up for grabs
The researcher's credibility has increased: +7
2 years ago


This has been fixed in v1.2.2. I will update this report once it has been released.

2 years ago


@admin can you please assigned as cve

Jamie Slome
2 years ago


Sorted 👍

We have sent a fix follow up to the polonel/trudesk team. We will try again in 7 days. 2 years ago
Chris marked this as fixed in 1.2.2 with commit e836d0 2 years ago
Chris has been awarded the fix bounty
This vulnerability will not receive a CVE
to join this conversation