I noticed that third-party extensions are able to access webserver directories outside of the current installation.
i.e. https://extensions.joomla.org/extension/profiles/:
In the configuration of that extension as a super user I can set the webserver's root directory as 'Root folder'.
This enables super users of any website on my webserver to read and even manipulate (!!) any file of other websites!
This is an extremely dangerous vulnerability!
How can I ensure that super users and extensions can handle files within the website's root directory only?
Thank you very much in advance for any useful hint!
Kind regards,
Gerald
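
One way an extension could validate a configured 'Root folder' against the site's own directory, as an added example that is not part of the original post or of the extension's code. The function name `confineToSiteRoot` and the temporary directory layout are assumptions constructed for illustration.

```php
<?php
// Added example: every path below is constructed in a temporary directory.

/**
 * Return the canonical path if $configured resolves inside $siteRoot,
 * otherwise null. (Hypothetical helper, not a Joomla API.)
 */
function confineToSiteRoot(string $configured, string $siteRoot): ?string
{
    $root = realpath($siteRoot);
    $path = realpath($configured); // resolves ".." and symlinks; false if missing
    if ($root === false || $path === false) {
        return null;
    }
    $root = rtrim($root, DIRECTORY_SEPARATOR);
    // Compare with a trailing separator so .../site1 does not match .../site10.
    if ($path === $root || strpos($path, $root . DIRECTORY_SEPARATOR) === 0) {
        return $path;
    }
    return null;
}

// Constructed layout: two sites side by side under one web server root.
$web = sys_get_temp_dir() . DIRECTORY_SEPARATOR . 'webroot_' . uniqid();
mkdir("$web/site1/images", 0700, true);
mkdir("$web/site10", 0700, true);

$cases = [
    'inside site1'                    => "$web/site1/images",
    'traversal to sibling site'       => "$web/site1/../site10",
    'sibling sharing the name prefix' => "$web/site10",
    'web server root'                 => $web,
];
foreach ($cases as $label => $candidate) {
    $ok = confineToSiteRoot($candidate, "$web/site1") !== null;
    printf("%-34s %s\n", $label, $ok ? 'accepted' : 'rejected');
}

// Remove the constructed directories again.
rmdir("$web/site1/images");
rmdir("$web/site1");
rmdir("$web/site10");
rmdir($web);
```

A check like this only constrains code that calls it. Separating the sites at the server level, for example with PHP's `open_basedir` set per virtual host or a separate system user per site, is what keeps one site's PHP from reaching another site's files.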