Yes this Remote PHP Code Execution Exploit , it was disputed issue if it was protector fault or xoops . the safe thing to do if u put protector outside ur site root . any way this Bug was fixed with xoops 2.3.3 so if u still running xoops 2.3.2 you need to update . and or updtae your protector to the lastest release .
From the Code u provided i see he or she was attempt to leave u message say ' Pandega was here ..' .. Hahah the Joke on Him Now since u Cought Him .. if it Me i would Leave Message on my Site Says ;Pandega was Not here .Ha.<
see link below where this issue was addressed and what suggestions were provided ..
http://www.xoops.org/modules/news/article.php?storyid=4601