Meta characters are not filtered into full name
You haven't filtered control meta characters such as %00 etc in full name field which allows an attacker to impersonate or hide their real identity within the application. This one is not rejected. It turns out that it is possible to register a user's full name with special sign %0a(appended in proxy).
Attacker can impersonate user by appending meta characters.
You should disallow nullbytes in the name(here full name field).
Happy to Help
Thanks Piyush kumar