Injection via CSV Export feature in Admin Orders
Unknown
Vulnerability Details
I found out that the filtering of "=,-,+" is not working on all data.
There's a way to bypass it.
1. Create a product with title =cmd|' /C calc'!'D2'
2. Add variants (more than 2 variants) then save it.
3. Go to Orders > Create Order
4. Search for the product we made: =cmd|' /C calc'!'D2'
5. Add 2 variants of the same item
6. Mark as paid
7. Create Order
8. Go back to the order page > Export > Open in Excel
You will see that the "=" of the first variant is successfully filtered,
but the next variant is not filtered anymore.
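The defect described above is a sanitizer applied to some rows of an export but not all of them. The following is an added example, not code from the report or from the vendor, showing a flawed exporter that reproduces the symptom (only the first line item of each order is neutralized; this is a constructed illustration, not the vendor's actual logic) next to a hardened exporter that neutralizes every cell of every row, plus a checker that scans a finished CSV for cells still beginning with a formula-triggering character. The order structure, field names and sample titles are all constructed for the example.

```python
import csv
import io

# Characters that spreadsheet applications interpret as the start of a formula.
FORMULA_PREFIXES = ("=", "+", "-", "@")


def neutralize_cell(value):
    """Return the cell value with any formula-triggering prefix neutralized.

    Leading whitespace is stripped before the check so that " =x" is also
    caught; the original text is kept intact behind a single-quote prefix,
    which spreadsheets treat as "display this literally".
    """
    text = "" if value is None else str(value)
    if text.lstrip().startswith(FORMULA_PREFIXES):
        return "'" + text
    return text


# Constructed sample data: one order with two variants of the same product,
# whose title starts with "=" (a placeholder, not the report's payload).
SAMPLE_ORDERS = [
    {
        "id": 1001,
        "line_items": [
            {"title": "=constructed-title", "variant": "Small", "quantity": 1},
            {"title": "=constructed-title", "variant": "Large", "quantity": 1},
        ],
    },
]

HEADER = ["order_id", "product_title", "variant", "quantity"]


def export_orders_csv_flawed(orders):
    """Constructed flawed exporter: only the first line item of each order is
    sanitized, so the second variant reaches the file with its "=" intact."""
    buf = io.StringIO()
    writer = csv.writer(buf, lineterminator="\n")
    writer.writerow(HEADER)
    for order in orders:
        for index, item in enumerate(order["line_items"]):
            title = neutralize_cell(item["title"]) if index == 0 else item["title"]
            writer.writerow([order["id"], title, item["variant"], item["quantity"]])
    return buf.getvalue()


def export_orders_csv(orders):
    """Hardened exporter: every cell of every row passes through the sanitizer,
    regardless of which order or line item it belongs to."""
    buf = io.StringIO()
    writer = csv.writer(buf, lineterminator="\n")
    writer.writerow(HEADER)
    for order in orders:
        for item in order["line_items"]:
            writer.writerow([
                neutralize_cell(order["id"]),
                neutralize_cell(item["title"]),
                neutralize_cell(item["variant"]),
                neutralize_cell(item["quantity"]),
            ])
    return buf.getvalue()


def find_unsanitized_cells(csv_text):
    """Scan a finished CSV and return (row, column, value) for every cell that
    still begins with a formula prefix. An empty list means the export is clean.
    Row 0 is the header. The check is deliberately conservative: a legitimate
    negative number would also be reported, so review findings before acting."""
    findings = []
    for r, row in enumerate(csv.reader(io.StringIO(csv_text))):
        for c, cell in enumerate(row):
            if cell.lstrip().startswith(FORMULA_PREFIXES):
                findings.append((r, c, cell))
    return findings


if __name__ == "__main__":
    print("flawed export findings:", find_unsanitized_cells(export_orders_csv_flawed(SAMPLE_ORDERS)))
    print("hardened export findings:", find_unsanitized_cells(export_orders_csv(SAMPLE_ORDERS)))
```

Running `find_unsanitized_cells` over the flawed export reports the second variant's title (row 2, column 1), exactly the pattern the report describes, while the hardened export produces no findings. The sanitizer is applied at the point of serialization rather than at data entry, so a value that reached the database unfiltered is still neutralized on the way out.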
Report Stats
- Report ID: 118103
- State: Closed
- Substate: resolved
- Upvotes: 1