Froxlor has a BIND Zone File Injection via Unsanitized DNS Record Content in DomainZones::add()
Summary DomainZones::add accepts arbitrary DNS record types without a whitelist and does not sanitize newline characters in the content field. When a DNS type not covered by the if/elseif validation chain is submitted e.g., NAPTR, PTR, HINFO, content validation is entirely bypassed. Embedded...