Insecure CGI example:
print "Enter a command to execute:"
my $command = <STDIN>;
system($command);   # BAD!

User enters 'rm -fR *' !!!