1 admin add a client, or a client signup.
2 the client logins and edit himeself
3 the client change his COMPANY as β=1+cmd|β/C calcβ!A0β
4 admin go to export the client as a csv file
5 admin open the csv and we can see that the calculator is opened.
see https://owasp.org/www-community/attacks/CSV_Injection to fix it