This is a known bug in PHP-CGI that allows for remote code execution, scooby and wiley are both susceptible. I have access to wiley and have implemented a config redirect-based workaround for wiki.mb, but forums is where this was found (see the image linked above) and it appears to be compromised. The script code listed therein seems to only appear on firefox on windows.
I'm not sure what's been gotten into; from what I can figure out from syswiki this shouldn't have escalated beyond access to PunBB, but that could be plenty bad.
http://eindbazen.net/2012/05/php-cgi-advisory-cve-2012-1823/ is the original advisory
http://www.php.net/archive/2012.php#id2012-05-03-1 lists the mod_rewrite-based workaround that I implemented on wiley.