DedeCMS 5.7 allows remote attackers to discover the full path via a direct request to include/downmix.inc.php or inc/inc_archives_functions.php
include/downmix.inc.php
inc/inc_archives_functions.php