Re: Even perl has some resemblance of CGI security
Bash cgis tend to fall into the category of informational only. They don't take any inputs at all and just provide info. Those are now open to abuse since a simple wget with the right parameters can cause them to do all sorts of hackery things.
Oddly enough other shells that can share functions with subshells have similar problems. Some even allow overwriting things like cp, ls or cat and you can guess that most "write only" cgis written in a shell will use at least one of them.