SQL injection vulnerability in the xsstream-dm (com_xsstream-dm) component 0.01 Beta for Joomla! allows remote attackers to execute arbitrary SQL commands via the movie parameter to index.php.
https://www.exploit-db.com/exploits/5587
https://exchange.xforce.ibmcloud.com/vulnerabilities/42323
http://www.securityfocus.com/archive/1/491943/100/0/threaded