fix the qhelp of secondary server cmd injectino

am0o0 · am0o0 · commit 5299c4a8456e · 2024-05-29T16:00:06.000+02:00
diff --git a/python/ql/src/experimental/Security/CWE-074/secondaryCommandInjection/SecondaryServerCmdInjection.qhelp b/python/ql/src/experimental/Security/CWE-074/secondaryCommandInjection/SecondaryServerCmdInjection.qhelp
@@ -2,7 +2,10 @@
 <qhelp>
     <overview>
         <p>
-            Running user-controlled values into a secondary remote servers without proper authorization can allow an attacker to inject arbitrary command in the secondary remote servers from within your primary remote servers.
+            Allowing users to execute arbitrary commands using an SSH connection on a secondary server can lead to security issues unless you implement proper authorization.
+        </p>
+        <p>
+            Assume that you connect to a secondary system via SSH connection from your main or local server that accepts user-controlled data and has interaction with users that you don't trust, passing these data to SSH API as a part of a command that will be executed on a secondary remote server can lead to security issues. You should consider proper authorization rules very carefully.
         </p>
     </overview>
     <recommendation>
