Nagios XI is prone to a SQL injection vulnerability. A remote, unauthenticated attacker can exploit this vulnerability by sending an HTTP request with a malicious SQL query to the target server. Successful exploitation could lead to the disclosure of sensitive information from the database such as API keys for administrative users.