The function eval[1] evaluates a string as code. The special variable $_GET[2] contains HTTP GET variables, which may be freely set by a remote user.
So if your PHP file executes eval($_GET['code']), then arbitrary folks can submit whatever code they want as a parameter -- as in /index.php?code=blah -- and have your webserver run it for them.