You may want to read over these community resources because they explain exploiting more in depth:
Never trust the client
Exploited have full control over their client meaning you should never trust the data the client has sent to the server and always assume it has been tampered with. You should also avoid trusting the client with anything important like controlling their own data because exploiers will be able to modify it. Exploiters can fake remote calls, control all remote traffic in and out of their client, modify/tamper with anything they see including all gui’s and game geometry/objects, execute various scripts and software on their client and move their character freely because they have network ownership over it ect.
What could be done to protect your game against exploiters
You should try and make your server bullet proof with various checks to help stop exploiters messing with your game. Whenever a client fires a remote always have server sided checks in place to validate the data and to check if the remote call wasn’t faked because exploiters can freely fire remote events.
Have server sided anti-cheats and maybe some client sided anti-cheats depending on your use case(client sided anti-cheats will only stop some script kiddies and wont stop all exploiters). Anti-cheats could involve checking the players walkspeed by checking the distance the player has moved in a given amount of time and if they moved too far teleport them back.
Try and design your server and client model to have all the important features on the server so that if an exploiter changes anything on their client it wont have any impact. Generally the client should only be responsible for input and visual changes.