While this may work, after taking a look at some of the code, I am uncertain if 1) it is a pure perl solution, and 2) if it is a safe solution.

Headers are parsed by hand, there is a reference to upload2.php in the source (which I did not track down to see if it is used, or if it is just a leftover), creates the upload directory mode 777, assumes the browser puts the session id into the first parameter in the query string, <redacted /> there is a significant security issue with a remote exploit, .... I stopped looking after the last one.

In short, this would be on a do not use list for me, about the same level as the original Matt's Script Archive code.

Updates:

• removed description of exploit pending notification of author, remove the "might not be safe" clause.
• 2015-04-30T10:44-05:00 - No response from the author. Looking into method of applying appropriate pressure. If this is a "top 1% project", having this exposure could be a BadThing™