SQL injection vulnerability in Projectworlds Visitor Management System in PHP v.1.0 allows a remote malicious user to escalate privileges via the name parameter in the myform.php endpoint.