diff --git a/src/middleware/user.js b/src/middleware/user.js
index db3a97ef08..c3871bd023 100644
--- a/src/middleware/user.js
+++ b/src/middleware/user.js
@@ -165,7 +165,11 @@ module.exports = function (middleware) {
 return controllers.helpers.notAllowed(req, res);
 }
 
- const uid = await user.getUidByUserslug(req.params.userslug);
+ if (!['uid', 'userslug'].some(param => req.params.hasOwnProperty(param))) {
+ return controllers.helpers.notAllowed(req, res);
+ }
+
+ const uid = req.params.uid || await user.getUidByUserslug(req.params.userslug);
 let allowed = await privileges.users.canEdit(req.uid, uid);
 if (allowed) {
 return next();
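Review bot: The added `const uid = req.params.uid || ...` line passes the raw route string straight into `privileges.users.canEdit(req.uid, uid)`, so the authorization decision runs on a value that is never checked to be a positive integer. If a route ever supplies both `uid` and `userslug`, the check would cover the `uid` user while a later handler might act on the slug; the route definitions are not visible here, so that needs confirming. I would normalise and reject early: `const uid = req.params.uid ? parseInt(req.params.uid, 10) : await user.getUidByUserslug(req.params.userslug);` followed by `if (!(uid > 0)) { return controllers.helpers.notAllowed(req, res); }`. The guard above is also more robust as `Object.prototype.hasOwnProperty.call(req.params, param)`. The enclosing middleware starts and ends outside the hunk, so any later handling of an unresolved uid cannot be seen from here.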