in reply to Interpolation problem?
Hi. You're running with taint mode on (-T), and you're not untainting the CGI parameter $outfile before you use it to open a file on the system for writing. The idea of taint is to stop you doing dangerous things (like opening filenames) with untrusted data (like CGI parameters). Try using a regular expression on the CGI parameter variable to check it contains what you're expecting.
cheers
ViceRaid
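
The untainting step described in the reply above, as an added example that is not part of the original post: the output directory, the `.txt` allowlist pattern, the helper name `untaint_filename` and the sample values are all assumptions made for illustration. Run it with `perl -T`.

```perl
#!/usr/bin/perl -T
use strict;
use warnings;
use Scalar::Util qw(tainted);

# Refuse to run without taint checks, so the raw open below can never succeed.
die "run with: perl -T $0\n" unless ${^TAINT};

# Assumption: output goes into one fixed directory chosen by the script.
my $OUT_DIR = '/var/tmp/reports';

# Allowlist check. Returns the untainted name, or undef if it does not match.
# Only a regex capture ($1) clears taint; \A and \z anchor the whole string,
# so a trailing newline (which "$" would tolerate) is rejected.
sub untaint_filename {
    my ($raw) = @_;
    return unless defined $raw;
    return $raw =~ /\A([A-Za-z0-9_-]{1,64}\.txt)\z/ ? $1 : undef;
}

# Constructed sample values standing in for the CGI parameter $outfile.
# Appending a zero-length piece of $^X marks each one tainted under -T.
my $taint = substr($^X, 0, 0);
for my $sample ('report_2024.txt', '../../etc/passwd', "log.txt\n", 'a;b.txt') {
    my $outfile = $sample . $taint;
    (my $shown = $sample) =~ s/\n/\\n/g;
    printf "%-18s tainted=%d\n", $shown, tainted($outfile) ? 1 : 0;

    # Raw value: perl dies with "Insecure dependency in open" before
    # the file system is touched.
    eval { open(my $fh, '>', "$OUT_DIR/$outfile") or die "open: $!\n"; close $fh; };
    print "  raw value:  $@" if $@;

    # Checked value: usable only if it matched the allowlist.
    my $clean = untaint_filename($outfile);
    if (!defined $clean) {
        print "  rejected by allowlist\n";
        next;
    }
    if (open(my $fh, '>', "$OUT_DIR/$clean")) {
        print {$fh} "ok\n";
        close $fh;
        print "  wrote $OUT_DIR/$clean\n";
    } else {
        print "  open failed: $!\n";   # e.g. $OUT_DIR does not exist
    }
}
```

A pattern such as `/(.*)/` would also clear the taint flag while checking nothing, which is why the capture is restricted to a single path component with a known extension.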