Folder security bug

We using easyengine with multiply sites on server. We using php7 The problem is what php process have write access to all folders on servers. Example: if I have sites in folders /var/www/site1 and /var/www/site2 And I put file in /var/www/site1/test.php with code

$file = fopen('/var/www/', 'w');
fwrite($file, '<?php echo "Hack site";?>');

I can write to file /var/www/site2/infected.php Its very basic security bug.

Please help.

Just edit your php.ini file and set safe_mode = On More info about php safe_mode :