Here's a script I use. It adds a password check.
in reply to Run arbitrary UNIX commands on webserver without telnet
You'll have to generate the crypted password using the same crypt() routine as the system to which you're uploading the CGI script.
The clear text of the password is left in the HTML source of the output page, so don't leave browser windows open to it.
use CGI qw(header param);
$| = 1;
# Crypted password
my $HASH = "azEehXEsKGpt6";
# Fetch CGI input
my $password = param('password');
my $command = param('command');
# Output HTML
print << "END";
<input type="password" name="password" value="$password"><br>
<input type="text" name="command"><br>
# If the password is correct, execute the command
if (crypt($password, $HASH) eq $HASH)