oss-sec mailing list archives

CVE request - Vesta Control Panel 0.9.7 <= 0.9.8-16 Local Privilege Escalation


From: Luka Pusic <luka () pusic com>
Date: Wed, 21 Dec 2016 17:10:54 -0500

Vesta Control Panel 0.9.7 <= 0.9.8-16 Local Privilege Escalation
Vendor Homepage: http://vestacp.com/
Software Link: https://github.com/serghey-rodin/vesta
Affected Versions: 0.9.7 and up to including 0.9.8-16

Description:
The Vesta CP default install script adds the /usr/local/vesta/bin/ directory to /etc/sudoers.d with the NOPASSWD option for the default "admin" user. All programs in the /usr/local/vesta/bin/ directory can therefore be run as root. A command injection vulnerability in the "v-get-web-domain-value" script can be exploited to run arbitrary commands and escalate from the admin user to root.

Vulnerability:
Parameter $3 (key) in v-get-web-domain-value is not properly sanitized before being passed to bash eval.

GitHub issue: https://github.com/serghey-rodin/vesta/issues/906
GitHub fix commit: https://github.com/serghey-rodin/vesta/commit/56182cecf414a0dd833ea3db07d589be88ca5e64

Fix:
Remove the "v-get-web-domain-value" script file, because it is no longer used.
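The vendor fix simply removes the script. For a lookup script of this shape that does have to stay in a sudo-whitelisted directory, the following added example (not Vesta's code) shows the defensive pattern: the key argument is validated as a shell identifier before use and the value is parsed without eval, so a key like `IP;id` is rejected rather than executed as root. The KEY='VALUE' configuration text is a constructed stand-in.

```sh
#!/bin/sh
# Added example, not part of Vesta. Demonstrates validating a "key" argument
# (the role of $3 in v-get-web-domain-value) before it reaches any shell
# evaluation. Because scripts in /usr/local/vesta/bin/ run as root via sudo,
# every argument they accept must be treated as untrusted input.

# Constructed sample config, one KEY='VALUE' record per line.
SAMPLE_CONF="DOMAIN='example.test'
IP='192.0.2.10'
TPL='default'"

# valid_key KEY: succeed only if KEY is a plain shell identifier
# (letters, digits, underscore; no leading digit; non-empty).
valid_key() {
    case "$1" in
        ''|*[!A-Za-z0-9_]*|[0-9]*) return 1 ;;
        *) return 0 ;;
    esac
}

# get_value KEY: print the value stored for KEY in SAMPLE_CONF.
# Returns 1 for an invalid key, 2 for a key that is not present.
# No eval is used: each line is split on the first '=' with parameter
# expansion and the surrounding single quotes are stripped.
get_value() {
    key=$1
    valid_key "$key" || { printf 'Error: invalid key\n' >&2; return 1; }
    while IFS= read -r line; do
        k=${line%%=*}
        v=${line#*=}
        v=${v#\'}; v=${v%\'}
        if [ "$k" = "$key" ]; then
            printf '%s\n' "$v"
            return 0
        fi
    done <<EOF
$SAMPLE_CONF
EOF
    return 2
}
```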
