LFI to RCE through User-Agent

I’m doing a pentest on a FreeBSD machine running CuppaCMS. I already managed to log in to the CMS with admin privileges, but it only takes me to a manager menu with some options to change some tables and stuff like that, with no visible RCE escalation. So I discovered an exploit on exploit-db.com that leads to LFI, and after some research I was able to do RCE through User-Agent and GET requests sending . So I’m able to read the directories and "cat" some of the files out while reading the httpd-access.log file, but I can’t run any reverse shell on the server; it seems like I can’t even ‘nc’ to my machine. I managed to send PHP code through the User-Agent doing the reverse shell, but when I did it, the server simply crashed. Any ideas on how I could continue to explore the machine? Thanks
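For the defending side of the technique described in the post, here is an added example (not part of the original post) that scans a web access log for its two traces: PHP open tags written into logged header fields, and requests that reference a log file. It assumes Apache Combined Log Format; the sample lines, the `page.php?file=` parameter and the names `scan` and `decode` are constructed for illustration.

```python
import re
from urllib.parse import unquote

# A quoted log field; Apache writes embedded quotes as \" so allow escapes.
Q = r'"((?:[^"\\]|\\.)*)"'
# Combined Log Format: host ident user [time] "request" status bytes "referer" "user-agent"
LINE_RE = re.compile(r'^\S+ \S+ \S+ \[[^\]]+\] ' + Q + r' \d{3} \S+ ' + Q + ' ' + Q + '$')
FIELDS = ("request", "referer", "user-agent")

PHP_TAG = re.compile(r'<\?(?:php|=|\s)', re.I)               # <?php, <?= and short tags
LOG_FILE = re.compile(r'(?:access|error)[._-]?log', re.I)    # log file named in a URL

def decode(value, rounds=3):
    """Undo up to `rounds` layers of URL encoding (catches %253C-style double encoding)."""
    for _ in range(rounds):
        decoded = unquote(value)
        if decoded == value:
            break
        value = decoded
    return value

def scan(lines):
    """Return (line_number, reason) for every suspicious or unparseable line."""
    findings = []
    for number, line in enumerate(lines, 1):
        match = LINE_RE.match(line.rstrip("\n"))
        if not match:
            findings.append((number, "unparsed"))  # malformed lines deserve a look too
            continue
        values = [decode(v) for v in match.groups()]
        for name, value in zip(FIELDS, values):
            if PHP_TAG.search(value):
                findings.append((number, "php-tag-in-" + name))
        if LOG_FILE.search(values[0]):
            findings.append((number, "log-file-in-request"))
    return findings

# Constructed sample lines (documentation IP range, placeholder tag bodies).
SAMPLE = [
    r'203.0.113.7 - - [10/Mar/2024:10:00:01 +0000] "GET /index.php HTTP/1.1" 200 512 "-" "Mozilla/5.0 (X11; FreeBSD amd64)"',
    r'203.0.113.7 - - [10/Mar/2024:10:00:05 +0000] "GET / HTTP/1.1" 200 512 "-" "<?php /* constructed placeholder */ ?>"',
    r'203.0.113.7 - - [10/Mar/2024:10:00:09 +0000] "GET /page.php?file=..%2F..%2Fvar%2Flog%2Fhttpd-access.log HTTP/1.1" 200 9000 "-" "curl/8.0"',
    r'203.0.113.7 - - [10/Mar/2024:10:00:12 +0000] "GET / HTTP/1.1" 200 512 "-" "agent \"x\" <?php /* constructed */ ?>"',
]

if __name__ == "__main__":
    for finding in scan(SAMPLE):
        print(finding)
```

A `php-tag-in-user-agent` hit followed by a `log-file-in-request` hit from the same client is the sequence worth escalating, since it is the write and the include of the same log.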