Taiwanese company QNAP is addressing a critical PHP vulnerability that could be exploited to achieve remote code execution.