Really? I think of a backdoor as a deliberate vulnerability, and the exploit as the attack (or attack code) that makes use of any kind of vulnerability.
Let's say the NSA adds a backdoor. If someone else finds it, isn't that an exploit?
Very similarly to yourself, but I would say backdoor and vulnerability are mutually exclusive (kinda? I guess a backdoor is a deliberate vulnerability but I think you know what I mean) yet both can be exploited (the exploit being the client side code, if you will).
Let's say the NSA adds a backdoor. If someone else finds it, isn't that an exploit?