Authenticated user can register for some course (paid or free). After registering and taking couple of lectures "Rate course" functional becomes active.
Malicious user can fill the rating form and submit it. By intercepting request to the server's API (by using intercepting proxy tool) and modify rating value he can set enormously large values as rating. After experimenting following restrictions was found: 1) 2147483647 <-- Maximum rating value 2) -2147483648 <-- Minimal rating value
Example of setting such rating could be found on the SCREEN: Set_rating_1.jpg
After some time that rating will affect correct calculation of course's average rating: PROF SCREEN: Result_of_wrong_rating_2.png
This issue could be used by attacker in order to trick user to buy bad quality content.
p.s. In order to remove wrong rating value i've already deleted my review. Here is PROF SCREEN: Delete_rating_3.jpg