If the former, the injection vulnerability would be in the script talking to the server/database via CGI, rather than in CGI itself.
If the latter I don't remember any major unpatched vulnerabilities in CGI.pm, but it was epically inefficient.
If the former, the injection vulnerability would be in the script talking to the server/database via CGI, rather than in CGI itself.
If the latter I don't remember any major unpatched vulnerabilities in CGI.pm, but it was epically inefficient.