Directory traversal vulnerability in the Export feature in phpMyAdmin 4.x before 4.0.0-rc3 allows remote authenticated users to read arbitrary files or possibly have unspecified other impact via a parameter that specifies a crafted export type.
http://www.phpmyadmin.net/home_page/security/PMASA-2013-4.php
http://archives.neohapsis.com/archives/bugtraq/2013-04/0217.html