Did you sanitize $thumbName? see perlsec, section Laundering and Detecting Tainted Data.

Try something like

$thumbName = ($thumbName =~ /^([-\@\w.\/]+)$/) ? $1 : undef;
if($thumbName) {
    open( NEWIMG, "+>$thumbName" ) or croak "Can't open new imagefile:
+ ($thumbName)  $! \n";
}
[download]

_($_=" "x(1<<5)."?\n".q·/)Oo.  G°\        /
                              /\_¯/(q    /
----------------------------  \__(m.====·.(_("always off the crowd"))."·
");sub _{s./.($e="'Itrs `mnsgdq Gdbj O`qkdq")=~y/"-y/#-z/;$e.e && print}

$thumbName is constructed in the code. because of that, i thought it didn't need extra sanitizing.

I'll test it w/ Scalar::Util to ensure that's the tainted part ...

If $thumbName was constructed with whatsoever variable that is tainted and not sanitized, it becomes tainted as well.

In perlsec is a snippet of code:

sub is_tainted {
    return ! eval { eval("#" . substr(join("", @_), 0, 0)); 1 };
}
[download]

--shmem

_($_=" "x(1<<5)."?\n".q·/)Oo.  G°\        /
                              /\_¯/(q    /
----------------------------  \__(m.====·.(_("always off the crowd"))."·
");sub _{s./.($e="'Itrs `mnsgdq Gdbj O`qkdq")=~y/"-y/#-z/;$e.e && print}