cgi priv esc

The CGI scripts are Perl scripts, so if you have compromised a server that can execute .cgi scripts, you can upload a Perl reverse shell (/usr/share/webshells/perl/perl-reverse-shell.pl), change the extension from .pl to .cgi, give it execute permissions (chmod +x), and access the reverse shell from a web browser to execute it. To test for CGI vulnerabilities, it is recommended to use nikto -C all (and all the plugins).

Source: https://book.hacktricks.xyz/pentesting/pentesting-web/cgi

Upload the Perl reverse shell to the victim and run it, e.g. by using an LFI vulnerability that is executing with root privileges.
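
Seen from the defending side, the upload described above leaves an executable script containing socket code in a CGI directory, usually together with loose write permissions. The audit below is an added example, not taken from the source page; the marker list, the function names and the sample tree are assumptions constructed for illustration.

```python
import os
import re
import stat
import tempfile

# Assumed heuristic markers for socket or shell use in a script; tune per site.
MARKERS = re.compile(rb"use\s+Socket|IO::Socket|\bsocket\s*\(|/bin/(?:ba)?sh")
CGI_EXT = (".cgi", ".pl")
LOOSE = stat.S_IWGRP | stat.S_IWOTH  # writable by group or other


def audit_cgi(root):
    """Map relative path -> list of reasons the entry deserves review."""
    findings = {}
    for dirpath, _dirs, files in os.walk(root):
        if os.stat(dirpath).st_mode & LOOSE:
            rel_dir = os.path.relpath(dirpath, root)
            findings.setdefault(rel_dir, []).append("directory writable by group/other")
        for name in (f for f in files if f.lower().endswith(CGI_EXT)):
            path = os.path.join(dirpath, name)
            mode = os.stat(path).st_mode
            rel = os.path.relpath(path, root)
            if mode & LOOSE:
                findings.setdefault(rel, []).append("file writable by group/other")
            with open(path, "rb") as fh:
                head = fh.read(65536)  # markers near the top are enough for triage
            if mode & stat.S_IXUSR and MARKERS.search(head):
                findings.setdefault(rel, []).append("executable with socket/shell marker")
    return findings


def build_sample_tree():
    """Constructed sample web root: one ordinary CGI, one upload-style file."""
    root = tempfile.mkdtemp()
    cgi = os.path.join(root, "cgi-bin")
    os.mkdir(cgi, 0o755)
    samples = {
        "hello.cgi": (b"#!/usr/bin/perl\nprint \"Content-type: text/plain\\n\\nok\\n\";\n", 0o755),
        "upload.cgi": (b"#!/usr/bin/perl\nuse Socket;\n# constructed marker, no payload\n", 0o777),
    }
    for name, (body, mode) in samples.items():
        path = os.path.join(cgi, name)
        with open(path, "wb") as fh:
            fh.write(body)
        os.chmod(path, mode)
    return root


if __name__ == "__main__":
    print(audit_cgi(build_sample_tree()))
```

Point `audit_cgi` at the real CGI directory and review each flagged path against the deployed release; a legitimate script that opens sockets will also be flagged and needs an allow-list.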
