Car Rental Script v3.0 is vulnerable to CSV Injection via a Language > Labels > Export action.
phpjabbers car rental script 3.0