we have been testing plesk for awhile now we have bought plesk 7.5.4 and installed all the patches and are running it with mail enable enterprise on a win 2003 std. we then had a user who we gave a account(domain user) www.Somedomain.xx he then installed an cms system (php) called pMachinePro2.4 on his webhotel/webspace after installation he went into his website (cms backend) as an cms admin an clicked on file manager button and got instant access to the hole drive incl all other domains db's and the psa db with all plesk passes and so forth THIS MY FRIENDS IS A serious security breech how do i solve this !!!! ??? i am quite chocked !!