I'm no expert on this sort of thing, but given the circumstances, I would prefer to do it as follows:

# assume $Page_Dir assigned as per your post
opendir CONF, $Page_Dir;
my @conf_files = grep /\.conf$/, readdir( CONF );
closedir CONF;

($pg) = grep /^$in{pg}.conf$/, @conf_files;
if ( $pg ) {
    require "$Page_Dir/$pg";
}
...
[download]

The point here is that the "require" statement is based entirely on information that is internal to the server -- input from a cgi form is only used to decide which known file name is being passed to "require" -- if user input does not match a safe, untainted string, it cannot have any bad side-effect.