This is a false positive and isn't a real SQL injection hole. It is detecting that these two urls return a different result and it assumes that is because it is getting information from the database.
https://www.yoursite.co.uk/theagency/index.php?&accesscheck=/theagency/inde x.php?-1' AND 'yUOyV'='pVXHK' OR 'yUOyV'='yUOyV' OR '1234'='747235
https://www.yoursite.co.uk/theagency/index.php?&accesscheck=/theagency/inde x.php?-1' AND 'oQqtS'='llomj' OR 'oQqtS'='llomj' OR '1234'='734102
However, if you follow those two links the pages are different because one is going to a 404 page, not because any information is coming from the database. That means this isn't really an issue.