The attacker could get access to the database. The SQL injection is in the username parameter at the login panel: username: admin'--
amodat mobile application gateway