by asfakeaccount 3726 days ago
I'm not familiar with PHP. Can someone explain this to a newbie?
3 comments

The function eval[1] evaluates a string as code. The special variable $_GET[2] contains HTTP GET variables, which may be freely set by a remote user.

So if your PHP file executes eval($_GET['code']), then arbitrary folks can submit whatever code they want as a parameter -- as in /index.php?code=blah -- and have your webserver run it for them.

[1] http://php.net/manual/en/function.eval.php [2] http://php.net/manual/en/reserved.variables.get.php
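As an added example that is not part of the thread, a small Python checker written from the defender's side: it scans PHP source for eval() calls fed by $_GET, $_POST, $_REQUEST or $_COOKIE, following simple `$var = ...;` assignments so the indirect form is caught too. The PHP input is constructed for the demonstration.

```python
import re

# Superglobals whose contents a remote client controls.
TAINTED_SOURCES = ("$_GET", "$_POST", "$_REQUEST", "$_COOKIE")

ASSIGN_RE = re.compile(r"^\s*(\$\w+)\s*=\s*(.+?);")
EVAL_RE = re.compile(r"\beval\s*\((.*)\)\s*;")

def is_tainted(expr, tainted_vars):
    """True if expr references a request superglobal or a variable known to hold one."""
    if any(src in expr for src in TAINTED_SOURCES):
        return True
    return any(re.search(re.escape(v) + r"\b", expr) for v in tainted_vars)

def find_eval_of_request_data(source):
    """Return (line_no, line) for every eval() whose argument derives from request data.
    Tracks one-line assignments so that `$c = $_GET['code']; eval($c);` is reported;
    a variable later overwritten with a constant string is no longer treated as tainted."""
    tainted_vars = set()
    findings = []
    for n, line in enumerate(source.splitlines(), start=1):
        m = ASSIGN_RE.match(line)
        if m:
            var, rhs = m.groups()
            if is_tainted(rhs, tainted_vars):
                tainted_vars.add(var)
            else:
                tainted_vars.discard(var)
        m = EVAL_RE.search(line)
        if m and is_tainted(m.group(1), tainted_vars):
            findings.append((n, line.strip()))
    return findings

# Constructed sample: lines 2, 4 and 5 should be flagged, lines 7 and 9 should not.
SAMPLE_PHP = """<?php
eval($_GET['code']);                // direct: the case discussed in the thread
$c = $_REQUEST["c"];
eval($c);                           // indirect, via a tainted variable
eval(base64_decode($_POST['p']));   // wrapped in a decoder, still request data
$safe = '1 + 1';
eval($safe);                        // constant string, not request data
$c = 'echo 1';
eval($c);                           // $c was overwritten with a constant
"""

if __name__ == "__main__":
    for n, text in find_eval_of_request_data(SAMPLE_PHP):
        print(f"line {n}: {text}")
```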

$_GET is a magic super global in PHP that contains all of the GET parameters of a request. Doing something like eval($_GET['code']); means you're essentially allowing a user to execute arbitrary code passed in through the URL. Not the safest thing to do...
It evaluates as PHP code the contents of the URL parameter named "code".

Although it seems like most hits are from PHP Vulnerability Hunter -- an automated whitebox fuzz testing tool capable of detecting several classes of vulnerabilities in PHP web applications.