I don’t believe exploits should be posted here and instead directly to the @DevEngagementTeam. Announcing an exploit could cause others to abuse it, if said exploit is truly an exploit.
This could just be a case of bad security in your game, but there’s not enough information to say that it’s an exploit or it’s the security as all you’ve provided is a screenshot of in-game.
Server side code injectors (level 7) do not work like this anymore, this was patched a long time ago with FilteringEnabled. The only way this could be caused is either a physics engine exploit, character network exploit (assuming this is an exploit), and finally, an unprotected remote- which is the most likely option.
Your game has to have a backdoor, you must be missing something. Exploiters don’t just randomly find a method to insert terrain and models into your game or else this would be happening in bigger games like Adopt Me.
This could also be a result of your scripts having bad security. Not sure how you’d make something so vulnerable to allow this, but it’s still a possibility. Try searching all scripts for InsertService.