SQL Injection : Zap report

I have run Zap scanning tool on my Grafana Project. we are using grafana 6.7.3 version.
Zap has reported SQL Injection alert of high severity. Below is detail of Alert -

High (Medium) SQL Injection
Description SQL injection may be possible.
URL http://<Ipaddress>/api/users/search?perpage=50&page=1+AND+1%3D1±-+&query=
Method GET
Parameter page
Attack 1 AND 1=1 –

Could you please let me know the resolution for the same.



it seems to be high risk vulnerability under -

can some one respond how to overcome from this vulnerability.


@abhimanyumanocha Did you get any resolution? I am also facing the same.

Has this even been confirmed as a vulnerability, or is it just an automated
checking tool giving a false positive?


The above mentioned URL does give the result back confirming SQL injection possible with authorized user

Does anyone has any idea?

Not sure what your question is?

Execution of arbitrary SQL is indeed possible if permissions are not configured properly on the SQL server. This is documented: PostgreSQL | Grafana Labs