We using easyengine with multiply sites on server.
We using php7
The problem is what php process have write access to all folders on servers.
Example: if I have sites in folders /var/www/site1 and /var/www/site2
And I put file in /var/www/site1/test.php with code
$file = fopen('/var/www/rehitim.wg1.tempurl.tk/htdocs/test.php', 'w');
fwrite($file, '<?php echo "Hack site";?>');
I can write to file /var/www/site2/infected.php
Its very basic security bug.