Can an exploiter Fire the Client?

Hey guys! I hope you are all doing very very well! Being direct, I have a single question: Can an exploiter fire the client?

What I mean with this, it’s that if for example, I have a RemoteEvent called “ClientTest”, and the exploiter with his “Injector” uses a script, could he find a way to fire this remote event to the client?

ex:

for i, v in pairs(game.Players:GetPlayers()) do
 game.ReplicatedStorage.ClientTest:FireClient(v)
end

I know that for firing the client you need to be in the server, and that if the exploiter tried this, It isn’t supposed to work, but I still want to confirm if they can’t fire the client, so that I’m sure to make an Anticheat to the FireClient scripts.

Thank you for everything and have a nice day and life! byee!

All functions that are only on the server side cannot be called by the client. Through a local script or a script injection, the result will be the same, it will fail. The only way for an exploiter to call another client with a RemoteEvent is to have a backdoor allowing him to access the server or to have a RemoteEvent that would allow the client to select a RemoteEvent and a client to call (nobody does that, i hope. This would be a perfect example of, don’t trust the client).

See also RemoteEvent:FireClient

yes an exploiter can due to it being a client not the server to execute fireserver its really hard even for the exploiter

(correct me if i am wrong)

Thank you for your help!