First, that is buggy. If there are 3 files that matches the pattern and only two can be deleted, you won't get an error. The problem should have been obvious to you when you found you were unable to specify which file couldn't be deleted. Fix:

for (glob ("$upload_dir/$in{'imgid'}.*")) {
   unlink($_)
      or die("Can't delete file $_: $!\n");
}
[download]

Does a way exist to satisfy the taint check on a wild card such as

To delete the contents of a path, all you have to do is make sure the path is correct.

use Scalar::Util qw( tainted );

die("Tainted") if tainted($upload_dir) || tainted($in{'imgid'});

for (glob ("$upload_dir/$in{'imgid'}.*")) {
   unlink(/(.*)/s)
      or die("Can't delete file $_: $!\n");
}
[download]