Description
Creativeitem Academy LMS up to and including 5.13 contains a privilege escalation vulnerability in the Api_instructor controller where regular authenticated users can access instructor-only functions without proper role validation, allowing unauthorized course creation and management.
References
suryadina.com/academy-lms-instructor-escalation-3n7b9f2w5k
