Nagios XI v5.8.6 exists to contain a SQL injection vulnerability via the mib_name parameter at the Manage MIBs page.
nagios nagios xi 5.8.6