We using easyengine with multiply sites on server. We using php7 The problem is what php process have write access to all folders on servers. Example: if I have sites in folders /var/www/site1 and /var/www/site2 And I put file in /var/www/site1/test.php with code
$file = fopen('/var/www/rehitim.wg1.tempurl.tk/htdocs/test.php', 'w'); fwrite($file, '<?php echo "Hack site";?>');
I can write to file /var/www/site2/infected.php Its very basic security bug.