Code injection

An issue was discovered on Enphase Envoy R3.x and D4.x and other current devices. The upgradestart function in /installer/upgradestart allows remote authenticated users to execute arbitrary commands via the force parameter...