"myear" comes from a request parameter, and "temp" is untraceable

Hi Team,
After a Veracode scan I got this flaw. Please guide me in solving this issue.

public string GenerateReport(string myear,System.Web.HttpRequest request)
{
string base_path = request.MapPath("temp");
string path = base_path + "\\" + "maproNachkal" + myear +".xls";
base_path = base_path + "\\" + "maproNachkal.xls";
CultureInfo sw = new CultureInfo("de-CH", true);

if(File.Exists(base_path))
{
long lngFileSize;
byte[] bytBuffer;
int iReading;

string sFileName = base_path;

if(File.Exists(path))
File.Delete(path);

System.IO.FileStream fStream = new System.IO.FileStream(sFileName,System.IO.FileMode.OpenOrCreate,System.IO.FileAccess.Read);
System.IO.FileStream outStream = new System.IO.FileStream(path,System.IO.FileMode.OpenOrCreate,System.IO.FileAccess.Write);

lngFileSize = fStream.Length;
bytBuffer = new byte[(int)lngFileSize];

while((iReading=fStream.Read(bytBuffer,0,(int)lngFileSize)) > 0)
{
outStream.Write(bytBuffer,0,iReading);
}

fStream.Close();
outStream.Close();
System.GC.Collect();

string connectionStringExcel = "Provider=Microsoft.Jet.OLEDB.4.0;Data Source=" + path+ ";Extended Properties='Excel 8.0;HDR=YES'";
OleDbConnection connOle = new OleDbConnection(connectionStringExcel);

try
{
connOle.Open();
OleDbCommand com = connOle.CreateCommand();
string cmdText = "DROP TABLE Report";
com.CommandText = cmdText;
com.ExecuteNonQuery();

// cmdText = "CREATE TABLE Report (Datum Text,VG_UG Text,NameVN Text,VstNr Integer,Sti Text,ArtEnt Text,ArtPr Text,Prov float,Bestan float,Differenz float)";
cmdText = "CREATE TABLE Report (Datum Text,VG_UG Text,NameVN Text,VstNr Text,Sti Text,ArtEnt Text,ArtPr Text,Differenz float)";
com.CommandText = cmdText;
com.ExecuteNonQuery();


ZurichNS.Data.MaklersData mData = new MaklersData();

int oldYear = int.Parse(myear) - 1;