attacker needs to craft a SQL payload. the vulnerable parameter is "agentid" must be authenticated to the admin panel.
amodat mobile application gateway