DedeCMS 5.7 allows remote malicious users to discover the full path via a direct request for include/downmix.inc.php or inc/inc_archives_functions.php.
dedecms dedecms 5.7