Unable to exploit Sql Injection in the parameter


During my testing I have found a vulnerable parameter in API (/api/v1/documents/?direction=desc&limit=30&mode=reports**&page=1**) and its parameter is page=1 at the end. Upon giving a NULL value &page= in the parameter it returns the following error.

"You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near '-30, 30) AS `UserDocuments` LEFT OUTER JOIN `tasks` AS `Tasks` ON `UserDocuments' at line 1" 

While if i input ` at the end of value page=1′ it returns the following error

"Undeclared variable: NaN","sql":"SELECT `UserDocuments`.*, `Tasks`.`id` AS `Tasks.id`, `Tasks`.... 

I have the following questions in my mind , i have tried exploiting it but unable to do so. How can i exploit this parameter as it is returning the syntax error. Also if it is not exploitable is it still vulnerable to Sql Injection or some attack ?

Please Note that it is a GET Request and Response is in JSON, while application is developed on PHP.