SQL Injection exists in Easy Car Script 2014 via the s_order or s_row parameter to site_search.php.