Security bug in CGI::Lite::escape_dangerous_chars()

cbrooks on 2003-02-12T13:10:14

It doesn't look like anyone else has posted this to use.perl yet. A security flaw in CGI::Lite was posted to bugtraq yesterday. Essentially, the escape_dangerous_chars() method fails to escape a number of metacharacters.



The impact statement says:

If the CGI::Lite::escape_dangerous_chars() function is used within (for example) a web CGI script, a remote attacker may be able to read and/or write local files on the attacked web server and/or may be able to gain shell-level access to the attacked web server, via the CGI script, as the user-id under which the CGI script is executed (typically, but not always the `nobody' user).
The potential exists for remote root compromise (or other privileged access) if a CGI script using CGI::Lite::escape_dangerous_chars() is installed as set-uid (root) or set-gid.


As noted by the white hat who found the flaw, CGI::Lite's maintainer has not responded with a patch (and the latest version of the module available on CPAN is from 8-20-2000).
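
To illustrate why an escape-the-bad-characters function is a fragile defence for input that reaches a shell, here is an added Perl example. It is not code from this post, from the advisory, or from CGI::Lite, and it makes no claim about which characters CGI::Lite's escape_dangerous_chars() actually misses (the post does not list them). The naive_escape_dangerous_chars(), safe_filename() and run_without_shell() functions, and the sample inputs, are constructed for the example; they stand in for the blacklist approach and for the two usual alternatives, a whitelist check and the list form of system() that bypasses /bin/sh entirely.

```perl
#!/usr/bin/perl
use strict;
use warnings;

# Constructed stand-in for a blacklist-style escaper (NOT CGI::Lite's code,
# and no claim about which characters that module escapes or misses):
# it backslashes an enumerated set of shell metacharacters and passes
# everything else through untouched.
sub naive_escape_dangerous_chars {
    my ($s) = @_;
    $s =~ s/([;|&<>`\$()\\"' ])/\\$1/g;
    return $s;
}

# Whitelist alternative: accept only the characters the application
# actually needs (here a plain filename) and reject everything else, so
# there is no list of "bad" characters to get wrong.
sub safe_filename {
    my ($s) = @_;
    return $s =~ /\A[A-Za-z0-9][A-Za-z0-9_.-]{0,63}\z/ ? $s : undef;
}

# Invoke a program without ever handing the argument to /bin/sh: the
# multi-argument form of system() execs the program directly, so shell
# metacharacters in $arg are never interpreted.
sub run_without_shell {
    my ($prog, $arg) = @_;
    return system($prog, $arg);   # returns 0 on success; no shell involved
}

# Render a string on one line for the table below.
sub _show { my $s = shift; $s =~ s/\n/\\n/g; return "'$s'"; }

# Constructed inputs. The second one uses a newline, which sh treats as a
# command separator just like ';' but which the enumerated list above
# does not cover; the third uses ';', which the list does cover.
my @inputs = ("report.txt", "report.txt\nid", "report.txt; id");

for my $in (@inputs) {
    my $escaped = naive_escape_dangerous_chars($in);
    my $ok = defined safe_filename($in) ? 'accepted' : 'rejected';
    printf "%-20s escaped=%-25s whitelist=%s\n",
        _show($in), _show($escaped), $ok;
}

# Even when the argument is the raw, unvalidated string, the list form of
# system() passes it as a single argv element to /bin/echo; the "id" on
# the second line is printed, not executed.
run_without_shell('/bin/echo', $inputs[1]);
```

The table shows the blacklist leaving the newline-separated input untouched while the whitelist rejects it: a denylist is only as good as its author's enumeration of shell syntax, whereas the whitelist and the list form of system() do not depend on that enumeration at all. A CGI script that must pass user data to an external program should do both, validate with a whitelist and avoid the shell, rather than rely on any escaper.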


It's being worked on

ask on 2003-02-13T00:55:43


A new package should hit CPAN shortly; Andreas is putting an update together.

  - ask