What is the vulnerability described in the text?
Grafana backend SQL injection
How can the SQL injection vulnerability be exploited?
By using a valid account login to the Grafana web backend and sending a malicious POST request to /api/ds/query with a modified 'rawSql' field
What is the risk level of this vulnerability?
High
Which versions of Grafana are affected by this vulnerability?
All versions, including the latest
Where is the affected code located?
grafana-sql package in grafana/packages/grafana-sql/src/datasource/SqlDatasource.ts file