FlatNuke 2.5.5 and possibly earlier versions allows remote malicious users to obtain sensitive information via a direct request to structure.php.
flatnuke flatnuke 2.5.5