diff --git a/src/Backend/Modules/Authentication/Actions/Index.php b/src/Backend/Modules/Authentication/Actions/Index.php
index 8dcdba2f98..0d0559001d 100644
--- a/src/Backend/Modules/Authentication/Actions/Index.php
+++ b/src/Backend/Modules/Authentication/Actions/Index.php
@@ -10,6 +10,7 @@
 use Backend\Core\Engine\User;
 use Backend\Modules\Users\Engine\Model as BackendUsersModel;
 use Common\Mailer\Message;
+use SpoonFilter;
 use Symfony\Component\HttpKernel\Exception\BadRequestHttpException;
 use Symfony\Component\HttpKernel\Exception\ServiceUnavailableHttpException;
@@ -326,7 +327,10 @@ private function getAllowedModule()
 private function sanitizeQueryString(string $queryString, string $default): string
 {
- if (!preg_match('/^\//', $queryString) or preg_match('/^\/[^a-zA-Z0-9.-_~]/', $queryString)) {
+ if (!preg_match('/^\//', $queryString)
+ || preg_match('/^\/\//', $queryString)
+ || preg_match('/^\/[^a-zA-Z0-9.-_~]/', $queryString)
+ ) {
 return $default;
 }
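Review bot: The third check in the new condition of sanitizeQueryString still accepts a backslash as the second character, because `.-_` inside `[^a-zA-Z0-9.-_~]` is parsed as a range from `.` to `_` rather than as three literals, and that range includes `/`, `:`, `@` and `\`. That is why `//` needed its own test, and it leaves `/\` passing all three checks; browsers normalise a backslash to a slash, so if this value is used as a redirect target (presumably the case in the login action) it behaves like a protocol-relative URL. Put the hyphen last so the class means what it reads as: `|| preg_match('/^\/[^a-zA-Z0-9._~-]/', $queryString)`; the separate `//` test then becomes redundant but is harmless to keep. Only the first two characters are validated in the visible lines, and the function body continues outside the hunk, so whatever handles the rest of the string should be confirmed as well.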