col1,col2
What is the vulnerability described in the text?,Grafana backend SQL injection
How can the SQL injection vulnerability be exploited?,By using a valid account login to the Grafana web backend and sending a malicious POST request to /api/ds/query with a modified 'rawSql' field
What is the risk level of this vulnerability?,High
Which versions of Grafana are affected by this vulnerability?,"All versions, including the latest"
Where is the affected code located?,grafana-sql package in grafana/packages/grafana-sql/src/datasource/SqlDatasource.ts file