That attack is only feasible if register globals is on. Also, $_CONF['path'] is never referenced by the code before it is overwritten in config.php. So while this attack is potentially a problem it would be impossible to exploit without other security holes allowing the user to upload arbitrary files to arbitrary directories.
Looking through the list of files, all of them have code that prevents them from being loaded directly from a browser. So that also stops this attack cold:
Text Formatted Code
if (strpos ($_SERVER['PHP_SELF'], 'functions.inc') !== false) {
die ('This file can not be used on its own.');
}