It has been reported that a remote command execution bug exists in Perlbot. By constructing a malicious request, it may be possible for a remote attacker to execute arbitrary commands, with the privileges of Perlbot.
This issue was reported for Perlbot v1.0 beta.
Solution: A workaround suggested by guejez is to replace the following line: open (MAIL,"| $sendmail $recipient") || die $!; With: open (MAIL,"| $sendmail -t") || die $!;
The vendor will reportedly fix this vulnerability in a newer release of Perlbot.