system_advanced_sysctl.php lacking input validation, output sanitation
system_advanced_sysctl.php has no input validation (in 2.2.x either). We should be safe to limit Tunable and Value fields to alphanumeric plus - . and _
Tunable and Value should both be required fields. No restrictions on description necessary.
It's also XSS-able, where 2.2.x isn't. For instance, throw
into any of the fields.