Course deletion on the teacher portal is vulnerable to SQL injection. This will allow a user to run arbitrary SQL queries and completely erase, export or change all information in the database - potentially rendering the entire platform unusable.
test' OR 1=1;-- -
Account takeover, complete deletion of data, unauthorized changes and application lockout are possible due to this bug.
Use prepared statements with proper exception handling on the back-end to prevent injection attacks. Additionally, you could write basic checks on the front-end to prevent requests from going through; however, these checks are trivially bypassed.
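The recommendation above, shown as an added example (not the platform's own code): a string-built DELETE next to a parameterized one with server-side error handling, both run against the input quoted earlier. The courses table, its columns and the function names are assumptions, and SQLite stands in for the unknown back-end database.

```python
import sqlite3

PAYLOAD = "test' OR 1=1;-- -"  # the input string quoted in the report


def make_db():
    """Constructed sample data; table and column names are assumptions."""
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE courses (id INTEGER PRIMARY KEY, name TEXT)")
    db.executemany("INSERT INTO courses (name) VALUES (?)",
                   [("test",), ("algebra",), ("physics",)])
    db.commit()
    return db


def delete_course_concat(db, name):
    """Vulnerable pattern: user input becomes part of the SQL text."""
    db.execute("DELETE FROM courses WHERE name = '" + name + "'")
    db.commit()


def delete_course_prepared(db, name):
    """Hardened pattern: the value is bound, never parsed as SQL."""
    try:
        cur = db.execute("DELETE FROM courses WHERE name = ?", (name,))
        db.commit()
    except sqlite3.Error:
        # Roll back and return a generic status; log details server-side
        # instead of echoing driver errors to the client.
        db.rollback()
        return ("error", 0)
    return ("ok", cur.rowcount) if cur.rowcount else ("not_found", 0)


def remaining(db):
    return db.execute("SELECT COUNT(*) FROM courses").fetchone()[0]


if __name__ == "__main__":
    db = make_db()
    delete_course_concat(db, PAYLOAD)
    print("concatenated query, rows left:", remaining(db))
    db = make_db()
    print("prepared statement:", delete_course_prepared(db, PAYLOAD),
          "rows left:", remaining(db))
```

With the bound parameter the whole input is compared as a literal course name, so it matches nothing and the table is unchanged.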