Accessing CASS is a big deal, and should be fixed but you’re gonna need more than this to board an aircraft.
Also… you can fix all the SQL issues, but you’re still not going to be able to fix the “men in hoodies with a big wrench talk to an authorized administrator (while their kids are kidnapped in Mexico)”
At the very least it sounds like you can get the password of many users (MD5 isn't exactly secure) and if they're sharing passwords then that's bad for them. You can also gain admin access and mess around with the site practically undetected for an indefinite amount of time.
Also… you can fix all the SQL issues, but you’re still not going to be able to fix the “men in hoodies with a big wrench talk to an authorized administrator (while their kids are kidnapped in Mexico)”