A 0-day exploit is a vulnerability not known to the public and more particular, the programmers of a particular application.
You don't want to get that confused with bad coding. If someone created a button that said "Click here for admin access", and it would grant admin access, this would not be a 0-day vulnerability.
Most programmers would agree that having this button would be bad and could tell the original programmer the implications of their code.
Lets hypothetically assume that all programmers think this button is okay to have. Of course we know this is a vulnerability now but they don't at the time. Now many programmers start including this button with their program. One day someone may discover this and click the button and instantly get admin access. This would be considered a 0-day because no one else knew about it.
Months later when this button is discovered, it will eventually be patched. If programmers still include this button in their programs, then it is not a 0-day because it doesn't meet the criteria for 0-day exploit anymore because it is known.
In questions example, Apache has a known flaw, so this would not be a 0-day exploit. It is known to the public.
It is already known that SQL vulnerabilities exists from bad coding and without proper escaping or by not using parameterized queries. However, if you found a SQL vulnerability that allowed execution of unwanted statements that has not been addressed before, then this would be a finding.