This challenge can be solved by editing the 'p' cookie to a malbolge program that prints the path to a file on the host and then do a lfi. Originally the Kuchenblech challenges were designed to be exploited stage after stage therefore this was the entrypoint and to get into the system someone would need a shell. To obtain a shell the image upload function can be abused to include a php reverse shell. Alternatively the php session should also contain the username which is attacker controlled, but I never tested it ;)

Original writeup (https://github.com/OlfillasOdikno/CAMP-CTF-2019/tree/master/solutions/Kuchenblech/stage1).