Extremely high course rating values can be submitted to inflate a course's average rating. Negative values can be submitted too.
Vulnerability Details
An authenticated user can register for a course (paid or free). After registering and taking a couple of lectures, the "Rate course" function becomes active.
A malicious user can fill in the rating form and submit it. By intercepting the request to the server's API with an intercepting proxy and modifying the rating value, they can set an enormously large rating. Experimenting revealed the following restrictions:
1) 2147483647 <-- maximum rating value
2) -2147483648 <-- minimum rating value
These are exactly the bounds of a signed 32-bit integer, so the only limit enforced on the value is the storage type, not the range of the rating scale shown in the form.
An example of setting such a rating is shown in the screenshot Set_rating_1.jpg.
After some time this rating corrupts the calculation of the course's average rating:
PROOF SCREEN: Result_of_wrong_rating_2.png
An attacker could use this issue to trick users into buying poor-quality content (or, with negative values, to drag down the average of a well-rated course).
P.S. In order to remove the wrong rating value I have already deleted my review. Here is the PROOF SCREEN:
Delete_rating_3.jpg
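The following is an added example written for this write-up; it is not the vendor's code and the names (RatingStore, parse_rating, course-42) and the 1 to 5 scale are assumptions. It contrasts a handler that only checks whether the value fits a signed 32-bit column (the behaviour the observed bounds suggest) with one that validates against the rating scale, and shows how badly a single INT32_MAX rating skews the average of 100 honest reviews:

```python
"""Hypothetical course-rating logic (added example, not the vendor's code).

Shows why a rating submitted by the client must be validated against the
rating scale, not merely against the width of the database column.
"""

INT32_MAX = 2_147_483_647
INT32_MIN = -2_147_483_648
MIN_RATING, MAX_RATING = 1, 5  # assumed scale of the "Rate course" form


def parse_rating_unchecked(raw):
    """Vulnerable behaviour: any integer that fits an INT32 column is accepted."""
    value = int(raw)
    if not INT32_MIN <= value <= INT32_MAX:
        raise ValueError("value does not fit INT32 column")
    return value


def parse_rating(raw):
    """Hardened behaviour: the rating must be an integer within the scale."""
    if isinstance(raw, bool):  # bool is a subclass of int; reject it explicitly
        raise ValueError("rating must be an integer")
    try:
        value = int(raw)
    except (TypeError, ValueError):
        raise ValueError("rating must be an integer") from None
    if not MIN_RATING <= value <= MAX_RATING:
        raise ValueError(f"rating must be between {MIN_RATING} and {MAX_RATING}")
    return value


class RatingStore:
    """One rating per (course, user); resubmitting replaces the previous value."""

    def __init__(self, parser):
        self._parser = parser
        self._ratings = {}  # (course_id, user_id) -> int

    def submit(self, course_id, user_id, raw):
        value = self._parser(raw)  # validation happens server-side, on every request
        self._ratings[(course_id, user_id)] = value
        return value

    def delete(self, course_id, user_id):
        self._ratings.pop((course_id, user_id), None)

    def average(self, course_id):
        values = [v for (c, _), v in self._ratings.items() if c == course_id]
        return sum(values) / len(values) if values else None


def demo():
    """Return (skewed average, whether the hardened store rejected, clean average)."""
    honest = {f"user{i}": 5 for i in range(100)}  # constructed sample data

    vulnerable = RatingStore(parse_rating_unchecked)
    for user, value in honest.items():
        vulnerable.submit("course-42", user, value)
    # The tampered request body carries INT32_MAX; it passes the column check.
    vulnerable.submit("course-42", "attacker", "2147483647")
    skewed = vulnerable.average("course-42")  # about 21 million instead of 5

    hardened = RatingStore(parse_rating)
    for user, value in honest.items():
        hardened.submit("course-42", user, value)
    try:
        hardened.submit("course-42", "attacker", "2147483647")
        rejected = False
    except ValueError:
        rejected = True
    return skewed, rejected, hardened.average("course-42")


if __name__ == "__main__":
    skewed, rejected, clean = demo()
    print(f"vulnerable average: {skewed:.1f}")
    print(f"hardened rejected tampered value: {rejected}, average: {clean}")
```

Keying ratings by (course, user) also means a single account cannot accumulate many ratings by resubmitting, and deleting the review (as the reporter did) restores the average, which is what the delete path in the store models.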
Report Stats
- Report ID: 73808
- State: Closed
- Substate: resolved
- Upvotes: 5