Improper input validation in the Auto-Discovery component of Nagios XI prior to 5.7.5 allows an authenticated malicious user to execute remote code.
nagios nagios xi